Millions of AI agents imperiled by critical vulnerability in open source package

A critical vulnerability in the Starlette open source framework has put millions of AI agents and tools at risk of being breached, allowing hackers to steal sensitive data and credentials. The vulnerability, which affects thousands of other open source projects that rely on Starlette, can be exploited to gain unauthorized access to servers running the framework. With over 325 million downloads per week, the scope of the vulnerability is substantial. The Starlette framework is an implementation of the ASGI, which enables asynchronous server gateway interface functionality. This vulnerability poses a significant threat to the security of AI systems and third-party accounts connected to them¹. The widespread use of Starlette in various open source projects amplifies the potential impact of this vulnerability, making it a pressing concern for developers and security practitioners to address. The vulnerability's existence in such a widely-used framework underscores the importance of diligent security auditing and patching in the development process.