Microsoft’s NLWeb Protocol Hit with Critical Security Flaw

A critical vulnerability has been found in the newly announced NLWeb protocol by Microsoft, just a few months after it was unveiled at Build. The “HTML for the Agentic Web” protocol is supposed to offer ChatGPT-like search capabilities on any website or app.

The security flaw allows remote users to read sensitive files, including system configuration files and API keys, and is as easy to exploit as visiting a malformed URL. Microsoft has patched the issue, but it raises questions about how such a basic flaw went undetected amid the company's push into new AI-powered systems.
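The article only says that a crafted URL let remote users read files the service was never meant to expose; it does not describe NLWeb's code or the exact bug. As an added illustration (not NLWeb's implementation, and not from Microsoft or the researchers), the snippet below shows the guard a file-serving endpoint needs for that whole class of problem: decode the URL path once, resolve it against the intended directory, and refuse anything that lands outside it. The directory layout, file names and request strings are constructed for the demo.

```python
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple
from urllib.parse import unquote


def build_demo_tree() -> Path:
    """Create a constructed layout for the example (not a real deployment):
    <tmp>/public/index.html may be served, <tmp>/.env (holding a placeholder
    key) must never be reachable through the web endpoint."""
    base = Path(tempfile.mkdtemp(prefix="serve_demo_"))
    public = base / "public"
    public.mkdir()
    (public / "index.html").write_text("<h1>hello</h1>\n")
    (base / ".env").write_text("API_KEY=placeholder-not-a-real-key\n")
    return public


def resolve_within_root(root: Path, url_path: str) -> Optional[Path]:
    """Map a URL path onto a file under root.

    Returns None when the request is malformed, escapes root (including via
    percent-encoded dots/slashes or symlinks), or names something that is not
    a regular file. resolve() canonicalises '..' and follows symlinks, so the
    containment check runs on the real filesystem location."""
    root_resolved = root.resolve()
    decoded = unquote(url_path)          # decode exactly once, before any checks
    if "\x00" in decoded:                # NUL bytes have no place in a path
        return None
    candidate = (root_resolved / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root_resolved)   # raises ValueError if outside root
    except ValueError:
        return None
    if not candidate.is_file():
        return None
    return candidate


def serve(root: Path, url_path: str) -> Tuple[int, bytes]:
    """Minimal handler: 200 with the file body, or a uniform 404 for anything
    rejected, so the response does not reveal whether a file exists outside root."""
    target = resolve_within_root(root, url_path)
    if target is None:
        return 404, b"not found"
    return 200, target.read_bytes()


def demo() -> Dict[str, int]:
    """Run a set of constructed requests against the demo tree and return the
    status code each one receives."""
    root = build_demo_tree()
    requests = [
        "index.html",          # legitimate asset
        "../.env",             # plain traversal
        "%2e%2e/.env",         # percent-encoded dots
        "..%2F.env",           # percent-encoded slash
        "/../.env",            # leading slash plus traversal
        "/etc/passwd",         # absolute path is treated as relative to root
        "index.html%00.txt",   # embedded NUL
    ]
    return {r: serve(root, r)[0] for r in requests}


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status} {path}")
```

Only the legitimate request gets a 200; every traversal variant, the absolute path and the NUL-byte request get the same 404. The important design choice is ordering: decode first, canonicalise second, then compare against the canonical root, because a check performed on the raw string (say, rejecting a literal "..") is bypassed by encoding that the web layer decodes later.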

Aonan Guan, a senior cloud security engineer at Wyze, discovered the flaw with Lei Wang and reported it to Microsoft in May. The company issued a fix on July 1st, but has not issued an industry-standard CVE for the issue, prompting researchers to push for its classification.

Guan emphasizes that leaking API keys is catastrophic for AI agents: abuse of a leaked key could cause massive financial loss, and it could be used to create malicious clones of the agent. With native support for Model Context Protocol (MCP) in Windows on the horizon, Microsoft must make security a top priority alongside speed.

Source: https://www.theverge.com/news/719617/microsoft-nlweb-security-flaw-agentic-web