Українська правда

A vulnerability has been found in Microsoft's project to rethink the Internet

In May, Microsoft unveiled NLWeb, an attempt to change the internet by giving websites the ability to perform actions in plain language, as if you were talking to a chatbot. But almost immediately, a serious vulnerability was found in this protocol, reports The Verge.

The announcement was made at Build 2025 on May 20, and a week later, on the 28th, Microsoft received a report from Wyze security researchers Aonan Guan and Lei Wang about the vulnerability. It gave attackers access to sensitive files, including system configuration files and even OpenAI and Gemini API keys.

What made this vulnerability most dangerous was that it was a common kind of bypass that attackers could exploit easily. Microsoft quickly took action to fix it and released an update on June 1.

Despite the swift response, the new vulnerability has already raised serious questions about the tech giant's approach to security. The company's refusal to assign the issue a CVE, which would have classified the vulnerability and brought it to the attention of a wider audience, has further fueled outrage.

"This case study serves as a critical reminder that as we build new AI-powered systems, we must re-evaluate the impact of classic vulnerabilities, which now have the potential to compromise not just servers, but the ‘brains’ of AI agents themselves," Guan said.

Microsoft also commented on the vulnerability to The Verge, stating that all clients using the repository — currently Shopify, Snowflake, and TripAdvisor — are automatically protected.

"This issue was responsibly reported and we have updated the open-source repository," Microsoft spokesperson Ben Hope said in a statement to The Verge. "Microsoft does not use the impacted code in any of our products. Customers using the repository are automatically protected."