This week in the Wild West Roundup:

2026-05-18 · Bits and Bobs 5/18/26

This week in the Wild West Roundup:
- Mean Pooling Was Hiding Prompt Injections in Our RAG Pipeline.
- Using Bedrock with Claude Code? Your AWS Credentials Are Shared With Every Subprocess.
- PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public.
  - This one is a good-old-fashioned vulnerability.
  - When you have agents on the other side, even "normal" bugs get way more dangerous.
  - An attacker who controls your agent now has their own agent loose on your machine!
- Cisco's SVP of Security and Trust: "The failure is not identity; it's authorization."
  - We're using the wrong model for agent permissions.
  - Just because it was once associated with you doesn't mean it will always act in line with your intentions.
  - LLMs are extremely confusable deputies!

More on this topic

From other episodes