{"vulnerability": "cve-2026-48710", "sightings": [{"uuid": "d47876d7-5c62-40b7-9273-54680c700165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aidoo-noticias.bsky.social/post/3mmrsan63on2z", "content": "Alert: BadHost (CVE-2026-48710) in Starlette allows bypassing path-based authorization with 1 character in Host; affects FastAPI, vLLM, LiteLLM and ASGI/MCP servers. Update to 1.0.1. #Ciberseguridad #Python", "creation_timestamp": "2026-05-26T20:08:00.536479Z"}, {"uuid": "d7a4b95d-1b2d-48bc-97c9-899c15c005e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/dragostech.bsky.social/post/3mmqixgpa4s2n", "content": "\ud83d\udea8 CVE-2026-48710(\"BadHost\"): one character in a Host header bypasses path-based authorization across most of the Python AI stack.\n\nLives in Starlette, reaches FastAPI and through it: vLLM (where it was discovered), LiteLLM, TGI, MCP servers, agent harnesses, eval dashboards.\n\ncc @marver.bsky.social", "creation_timestamp": "2026-05-26T07:49:13.496189Z"}, {"uuid": "41660d10-950b-43bf-bddf-542e7a697136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/dragostech.bsky.social/post/3mmqjd6idtk2n", "content": "\ud83d\udea8CVE-2026-48710(\"BadHost\"): one character in a Host header bypasses path-based authorization across most of the Python AI stack.\n\nLives in Starlette, reaches FastAPI and through it: vLLM (where it was discovered), LiteLLM, TGI, MCP servers, agent harnesses, eval dashboards.\ncc \n@marver.bsky.social", "creation_timestamp": 
"2026-05-26T07:55:47.138306Z"}, {"uuid": "93cb26e4-4e87-4dac-a869-bd7a876bd8c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mmsyfqgnsk2q", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\n\nhttps://badhost.org/", "creation_timestamp": "2026-05-27T07:30:52.960021Z"}, {"uuid": "a54caa28-90ef-473f-81e0-07d5987c8a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mmsywah7tl27", "content": "CVE-2026-48710 Starlette Host-Header Auth Bypass https://lobste.rs/s/cmsgwo #python #web ", "creation_timestamp": "2026-05-27T07:40:07.266716Z"}, {"uuid": "3bf4f494-b487-46e4-b5b5-4b6c05e40d85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mmrmskrz6k2p", "content": "\ud83d\udea8 A serious security flaw called \"BadHost\" (CVE-2026-48710) was just disclosed. It affects FastAPI, vLLM, LiteLLM, and most apps built on Starlette.\nRead Details- www.cyberkendra.com/2026/05/badh...\nPass this on to your dev team if they ship Python APIs. 
\ud83d\ude4f", "creation_timestamp": "2026-05-26T18:30:45.875104Z"}, {"uuid": "6071d501-cc13-4d8e-b6d9-d22e79119a84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3mmrvt6536k2a", "content": "Millions of AI agents are exposed due to the \u201cBadHost\u201d vulnerability (CVE-2026-48710) in Starlette, used by FastAPI and vLLM. Versions prior to 1.0.1 allow trivial HTTP Host header exploits.\narstechnica.com/information-...", "creation_timestamp": "2026-05-26T21:12:04.800829Z"}, {"uuid": "5f5935bb-8432-4e4d-9d78-f1290d3c9aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmshngckkv2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-45584: 65 interactions\nCVE-2026-46727: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48710: 11 interactions\nCVE-2026-28952: 3 interactions\nCVE-2026-45659: 3 interactions\n", "creation_timestamp": "2026-05-27T02:30:57.994377Z"}, {"uuid": "58252923-febb-418f-8929-01816e7bb915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aibearnews.bsky.social/post/3mmrvomkxuy2q", "content": "\ud83d\udea8 A critical flaw puts millions of AI agents at risk\n\nCVE-2026-48710 affects Starlette, the basis of FastAPI (325M downloads per week).\nOne character steals credentials from MCP and LiteLLM.\nUpdate to Starlette 1.0.1\n\nSource: arstechnica.com\n\nFollow\n\n#IA #Cybersecurity\n \ud83d\udd12 \ud83d\udc0d \ud83d\udce2", "creation_timestamp": "2026-05-26T21:09:30.088880Z"}, 
{"uuid": "0d47d335-77f9-4c33-b3d3-2ec797c20a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/agentwyre.ai/post/3mmryxw33pt2s", "content": "\ud83d\udd34 BadHost in Starlette puts FastAPI, vLLM, LiteLLM, and MCP servers at risk of auth bypass\n\nA newly disclosed Starlette flaw, CVE-2026-48710,...\n\nhttps://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/\n\n#AI #AgentWyre", "creation_timestamp": "2026-05-26T22:08:23.293861Z"}, {"uuid": "6ae6c23f-8a61-4073-bd31-943c9f8526ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmsdhpsf2h2v", "content": "CVE-2026-48710 - Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks\nCVE ID : CVE-2026-48710\n \n Published : May 26, 2026, 10:16 p.m. 
| 2\u00a0hours, 15\u00a0minutes ago\n \n Description : Starlette is a lightweight ASGI framewor...", "creation_timestamp": "2026-05-27T01:16:10.898407Z"}, {"uuid": "2ab5ac80-bd6b-4910-91e1-ffb4e491dd73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/true_secator/8247", "content": "A serious bug has been found in a little-known middleware component used in many AI server infrastructure products.\n\nThe vulnerability has been given the working name BadHost (and is tracked as CVE-2026-48710), and affects Starlette, a lightweight Python framework for building asynchronous web services.\n\nPut simply, this bug lets attackers \"trick\" servers by redirecting them to a publicly accessible URL without authentication.\n\nIn reality, the attackers connect to private endpoints, from which they can download or collect confidential data or instruct the server to perform malicious actions.\n\nThe German company X41 D-Sec discovered the problem and reported it to the vendor, and also published a full technical analysis.\n\nThe main way of exploiting the vulnerability looks roughly like this: a malformed request is easy to assemble if the attackers know which parts of the internal API they want to reach: GET\u00a0/privateendpoint HTTP/1.1 and Host:\u00a0example.com/public?bar=.\n\nThe Starlette team released updates last week, but a significant part of AI infrastructure probably remains unprotected and vulnerable.\n\nAt present the Starlette framework is an important component of projects such as LiteLLM, vLLM, AI proxy servers, MCP servers and even AI agent frameworks.\n\nX41 D-Sec has also released a tool for scanning and checking whether AI management systems are vulnerable to BadHost-type attacks.", "creation_timestamp": "2026-05-27T11:18:38.000000Z"}, {"uuid": "e9aaad77-84cf-4200-92e1-b99d4caf0bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mmsxhp2mdy2s", "content": "BadHost \u2013 CVE-2026-48710 Starlette Host-Header Auth Bypass\n\nDiscussion", "creation_timestamp": "2026-05-27T07:14:05.666266Z"}, {"uuid": "763403af-cd8c-41c9-842c-4e59a827ee34", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mmsxlcnily2g", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\nDiscussion | hackernews | Author: ylk", "creation_timestamp": "2026-05-27T07:16:06.406343Z"}, {"uuid": "348ba34f-ccc8-4ece-ab2d-e9ac6b677633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mmsxmzlf6k2t", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\ncomments \u00b7 posted on 2026.05.26 at 05:07:18 (c=3, p=14)", "creation_timestamp": "2026-05-27T07:17:04.210724Z"}, {"uuid": "ca12435c-450b-4bbb-a0d0-849db7558a18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackernewstop5.bsky.social/post/3mmt2wi4qcz24", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\n\n#HackerNews\n\nhttps://badhost.org/", "creation_timestamp": "2026-05-27T08:16:03.467871Z"}, {"uuid": "719ada30-c8b1-42b8-87fd-1e2f961ffd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mmt35nop3s2y", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass | Discussion", "creation_timestamp": "2026-05-27T08:20:02.966960Z"}, {"uuid": "f5357133-fca7-4be6-bdb1-eed368e470ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/humanghostemoji.bsky.social/post/3mmt43k6gjs23", "content": "Millions of AI agents are exposed due to the \u201cBadHost\u201d vulnerability (CVE-2026-48710) in Starlette, used by FastAPI and vLLM. Versions prior to 1.0.1 allow trivial HTTP Host header exploits.\narstechnica.com/information-...", "creation_timestamp": "2026-05-27T08:36:46.102230Z"}, {"uuid": "41603efb-a674-461d-8aa8-89ce7f4010fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mmt5jetana2a", "content": "CVE-2026-48710 in Starlette enables HTTP Host header manipulation to bypass access controls, risking internal server exposure and credential access for AI agents.\n", "creation_timestamp": "2026-05-27T09:02:25.137022Z"}, {"uuid": "382d9562-bba2-44c6-b7cf-805b8329e1ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mmt5zygnj22b", "content": "Critical Security Alert BadHost Authentication Bypass Vulnerability CVE-2026-48710 Found in Starlette Framework Impacting AI Infrastructure #appsec", "creation_timestamp": "2026-05-27T09:11:41.286947Z"}, {"uuid": "aecfc032-5a64-4ba6-8d1e-48a55742bfa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/xakep_ru/19433", "content": "The BadHost vulnerability in the Starlette framework poses a threat to AI agents\n\nResearchers are warning about a critical vulnerability, CVE-2026-48710, which was discovered in the open-source Python framework Starlette and has been named BadHost. Because Starlette underlies FastAPI and many popular AI tools, the problem creates risks for millions of servers and AI agents, and exploiting the bug comes down to a single character in the HTTP Host header.\n\nhttps://xakep.ru/2026/05/27/badhost/", "creation_timestamp": "2026-05-27T08:36:11.000000Z"}, {"uuid": 
"2344bb84-82be-4ec3-a35e-e8c5028b4726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmtb4khfno23", "content": "\ud83d\udd12 Millions of AI agents imperiled by critical vulnerability in open source package\n\nA critical vulnerability, named \"BadHost\" (CVE-2026-48710), has been discovered in the Starlette ...\n\nhttps://tinyurl.com/32dpwrys #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-27T10:06:48.179922Z"}, {"uuid": "b15b679d-ba2a-49ea-8d06-26fff9b332f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mmtbfxg2bb2t", "content": "\ud83d\udd12 Millions of BO agents imperiled by critical vulnerability in open source package\n\nA critical vulnerability, named \"BadHost\" (CVE-2026-48710), has been discovered in the Starlette ...\n\nhttps://tinyurl.com/32dpwrys #PotatoSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-27T10:12:05.200701Z"}, {"uuid": "a8187bc4-8721-4990-b8d1-d362be416ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmtjlxivf52g", "content": 
"BadHost vulnerability exposes sensitive endpoints of AI agent servers to attackers\n\nA serious vulnerability called \"BadHost\" (CVE-2026-48710) has been discovered in the Starlette web framework, exposing thousands of AI-powered applications and API services to possible attack. This flaw was discovered by X41 D-Sec during a security audit supported by OSTIF, and", "creation_timestamp": "2026-05-27T12:38:35.201109Z"}, {"uuid": "5626dfeb-85cb-42ab-9834-0f602b1f9d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mmtloq3ryd2g", "content": "A new critical vulnerability, BadHost (CVE-2026-48710), in the Starlette web framework allows authentication bypass through Host header manipulation. 
This isn't just a theoretical flaw; it poses a significant risk to AI systems\u2026\n\nhttps://www.tpp.blog/1mchjk7\n\n#cybersecurity #starlette #cve202648710", "creation_timestamp": "2026-05-27T13:15:55.974455Z"}, {"uuid": "0282b691-124b-4036-ac8d-07a26e3b05d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mmtm5bwv5y2q", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass (badhost.org)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-27T13:24:06.449710Z"}, {"uuid": "500b4652-6a54-4b25-b563-d498b0abecfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmuy3mednn24", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-46333: 18 interactions\nCVE-2026-69: 18 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48095: 11 interactions\nCVE-2026-48710: 4 interactions\nCVE-2026-1933: 3 interactions\n", "creation_timestamp": "2026-05-28T02:30:33.020696Z"}, {"uuid": "d64b5359-3739-4f9b-b96d-826682d62070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmttla2wfj2u", "content": "A critical vulnerability, tracked as CVE-2026-48710 and named BadHost, affects Starlette, an open-source framework with 325 million weekly downloads. This flaw allows attackers to exploit servers running AI agents, compromising sensitive data and credentials. 
Affected versions are prior to 1.0.", "creation_timestamp": "2026-05-27T15:37:09.201648Z"}, {"uuid": "16405ebc-482f-462b-aff8-df2c2f03b4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3mmty7qy5kqh2", "content": "Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints A newly disclosed critical vulnerability, tracked as CVE-2026-48710 and dubbed \u201cBadHost,\u201d is putting thousands of AI-...\n\n#AI #Cyber #Security #News #Vulnerability #cyber [\u2026] \n\n[Original post on cybersecuritynews.com]", "creation_timestamp": "2026-05-27T17:00:43.626114Z"}, {"uuid": "828bf23e-80b8-4a49-ad41-136a025bedf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mmtrk6jds322", "content": "BadHost \u2013 CVE-2026-48710: Starlette Host-Header Auth Bypass\nhttps://badhost.org/\n\nhttps://news.ycombinator.com/item?id=48277107", "creation_timestamp": "2026-05-27T15:00:45.414936Z"}, {"uuid": "6f5d2984-d051-4c4e-9b6e-c140fb1f1fea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/aiweekly.bsky.social/post/3mmtrrtn4r72y", "content": "\ud83d\udea8 2 AI alerts:\n\u2192 BNP Paribas Works With Mistral AI to Build European Cybersecurity Defense\u2026\n\u2192 CVE-2026-48710 'BadHost': Critical Starlette Auth-Bypass Imperils Millions of\u2026\n\nhttps://aiweekly.co/ai-news-today?utm_source=bluesky", "creation_timestamp": "2026-05-27T15:05:04.898492Z"}, {"uuid": "c91e3dd0-c21a-4cc1-a543-10bd249af774", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/hackmag.com/post/3mmvagyksh22s", "content": "\ud83d\udfe2 BadHost vulnerability in the Starlette framework poses a threat to AI agents\n\n\ud83d\udde8\ufe0f Researchers are warning about a critical vulnerability, CVE-2026-48710, discovered in the open-source Starlette framewor\u2026\n\n#news", "creation_timestamp": "2026-05-28T05:00:04.988037Z"}, {"uuid": "4ffeca87-e3af-4048-8da5-7630cbce0e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48710", "type": "seen", "source": "https://bsky.app/profile/barredspirals.comint.su/post/3mmv4k56npckp", "content": "snake cultists just can't stop winning https://www.cyberkendra.com/2026/05/badhost-cve-2026-48710-one-rogue-header.html", "creation_timestamp": "2026-05-28T03:50:17.710705Z"}, {"uuid": "48d9851b-7280-4409-9a93-9b935d908068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "Telegram/XPzjER_VXnqDaL0x3el2A57nJCguhK8qowmsl0HK-KFshHo", "content": "", "creation_timestamp": "2026-05-27T21:09:44.000000Z"}, {"uuid": "edfcdaac-d6f9-4657-9696-7f4fab19eb46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://t.me/GithubRedTeam/86224", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keywords found: #CVE-2026 #Exploit\n\n\ud83d\udce6 Project name: BadHost-CVE-2026-48710-Exploit\n\ud83d\udc64 Project author: Bhanunamikaze\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-28 09:59:49\n\n\ud83d\udcdd Project description:\nNo description\n\n\ud83d\udd17 Click to visit the project", "creation_timestamp": "2026-05-28T10:00:04.000000Z"}, {"uuid": "db696083-5854-4010-9ab3-05a9275c8dcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mmz4cnayqv2u", "content": "CVE-2026-48710: A Maintainer's Perspective\nDiscussion | lobsters | Author: gi0baro", "creation_timestamp": "2026-05-29T17:56:42.587905Z"}, {"uuid": "af0b9594-8e31-4da4-932a-d971eb0279fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmz4swfbr52b", "content": "\ud83d\udd12 CVE-2026-48710: A Maintainer's Perspective\n\nCVE-2026-48710 describes a Starlette vulnerability where manipulating the `Host` header can cause `request.url.path` to differ from the...\n\nhttps://tinyurl.com/zatfcn8k #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-29T18:05:48.740920Z"}, {"uuid": "278cd667-0af5-4d5e-810b-ee56d0872f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/foursignalsdev.bsky.social/post/3mnadtt3bpv2l", "content": "BadHost (CVE-2026-48710) bypasses Starlette auth via malformed Host headers. Affects 325M weekly downloads, exposing AI agents, LLM gateways, and MCP servers. 
Patch Starlette and enforce Host validation at edge.", "creation_timestamp": "2026-06-01T15:02:22.806416Z"}, {"uuid": "3b5d7360-4bf0-4c24-91db-66f39266ce4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48710", "type": "seen", "source": "https://gist.github.com/ftnext/074404c5d80f15c7c37295f2b36e5516", "content": "# https://github.com/ftnext/fastapi-playground/blob/aeda2c2992f446a58bf43f176b31ad523d85715f/starlette-cve-2026-48710-badhost/run_fastapi_app.py\nfrom fastapi import FastAPI, Request\nfrom fastapi.responses import PlainTextResponse\nfrom fastapi.testclient import TestClient\n\napp = FastAPI()\n\n\n@app.middleware(\"http\")\nasync def auth_middleware(request: Request, call_next):\n    print(f\"{request.url=}, {request.url.path=}\")\n    if request.url.path == \"/\":\n        return await call_next(request)\n    return PlainTextResponse(\"Forbidden\\n\", status_code=403)\n\n\n@app.get(\"/\")\nasync def root():\n    return PlainTextResponse(\"Hello, world\\n\")\n\n\n@app.get(\"/admin\")\nasync def admin():\n    return PlainTextResponse(\"secret=123\\n\")\n\n\nclient = TestClient(app)\n\nres1 = client.get(\"/admin\", headers={\"Host\": \"foo\"})\nassert res1.status_code == 403, f\"{res1.text=}\"\nres2 = client.get(\"/admin\", headers={\"Host\": \"foo/?\"})\nassert res2.status_code == 403, f\"{res2.text=}\"\n", "creation_timestamp": "2026-05-30T13:26:41.000000Z"}, {"uuid": "56ba7423-78aa-45fb-af7c-4760e111e4d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48710", "type": "seen", "source": "https://gist.github.com/ftnext/5e100b157e57e68e4c1aee0f43da8593", "content": "# https://github.com/ftnext/fastapi-playground/blob/aeda2c2992f446a58bf43f176b31ad523d85715f/starlette-cve-2026-48710-badhost/run_starlette_app.py\nfrom starlette.applications import 
Starlette\nfrom starlette.middleware import Middleware\nfrom starlette.middleware.base import BaseHTTPMiddleware\nfrom starlette.responses import PlainTextResponse\nfrom starlette.routing import Route\nfrom starlette.testclient import TestClient\n\n\nclass AuthMiddleware(BaseHTTPMiddleware):\n    async def dispatch(self, request, call_next):\n        print(f\"{request.url=}, {request.url.path=}\")\n        if request.url.path == \"/\":\n            return await call_next(request)\n        return PlainTextResponse(\"Forbidden\\n\", status_code=403)\n\n\nasync def root(request):\n    return PlainTextResponse(\"Hello, world\\n\")\n\n\nasync def admin(request):\n    return PlainTextResponse(\"secret=123\\n\")\n\n\nroutes = [\n    Route(\"/\", endpoint=root),\n    Route(\"/admin\", endpoint=admin),\n]\napp = Starlette(routes=routes, middleware=[Middleware(AuthMiddleware)])\n\nclient = TestClient(app)\n\nres1 = client.get(\"/admin\", headers={\"Host\": \"foo\"})\nassert res1.status_code == 403, f\"{res1.text=}\"\nres2 = client.get(\"/admin\", headers={\"Host\": \"foo/?\"})\nassert res2.status_code == 403, f\"{res2.text=}\"\n", "creation_timestamp": "2026-05-30T13:28:23.000000Z"}, {"uuid": "b2a75a7b-5e7e-4257-94fc-5fc1430a8af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48710", "type": "seen", "source": "https://gist.github.com/ftnext/024e0a57b95821714e2c6081d3e6d533", "content": "# https://github.com/ftnext/fastapi-playground/blob/eb6dd9b7861ced2168a24d7c27647af0e4b5f175/starlette-cve-2026-48710-badhost/run_starlette_app.py\n# https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/\nfrom starlette.applications import Starlette\nfrom starlette.middleware import Middleware\nfrom starlette.middleware.base import BaseHTTPMiddleware\nfrom starlette.responses import PlainTextResponse\nfrom starlette.routing import Route\nfrom starlette.testclient import 
TestClient\n\n\nclass AuthMiddleware(BaseHTTPMiddleware):\n    async def dispatch(self, request, call_next):\n        print(f\"{request.url=}, {request.url.path=}\")\n        if request.url.path == \"\" or request.url.path == \"/\":\n            return await call_next(request)\n        return PlainTextResponse(\"Forbidden\\n\", status_code=403)\n\n\nasync def root(request):\n    return PlainTextResponse(\"Hello, world\\n\")\n\n\nasync def admin(request):\n    return PlainTextResponse(\"secret=123\\n\")\n\n\nroutes = [\n    Route(\"/\", endpoint=root),\n    Route(\"/admin\", endpoint=admin),\n]\napp = Starlette(routes=routes, middleware=[Middleware(AuthMiddleware)])\n\nclient = TestClient(app)\n\nres1 = client.get(\"/admin\", headers={\"Host\": \"foo\"})\nassert res1.status_code == 403, f\"{res1.text=}\"\nres2 = client.get(\"/admin\", headers={\"Host\": \"foo?\"})\nassert res2.status_code == 403, f\"{res2.text=}\"\n", "creation_timestamp": "2026-05-30T13:29:46.000000Z"}, {"uuid": "c43ee021-f484-49a8-a586-c204e8b77351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/spinscale.bsky.social/post/3mna4vsvu2r2t", "content": "CVE-2026-48710: A Maintainer's Perspective\n\nInteresting story about a CVE notification from a non-paid open source maintainer perspective, where the other side treated him more as a full time worker on the project.\n\nmarcelotryle.com/blog/2026/05...", "creation_timestamp": "2026-06-01T12:56:04.438942Z"}, {"uuid": "71b83e79-ae79-49b5-87aa-e76247e59034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "Telegram/5hgQ8AKXX2p6Xv_JteDWfDLu6UEUErMaTbIKv1z5cXU-g7Q", "content": "", "creation_timestamp": "2026-05-28T15:00:08.000000Z"}, {"uuid": 
"7e63f9e0-b920-406a-8fb1-2b1269a27a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/foursignalsdev.bsky.social/post/3mncucpzhy62e", "content": "BadHost CVE bypasses Starlette auth via Host headers. Compromises AI agents, LLM gateways, MCP servers. Patch CVE-2026-48710 now.", "creation_timestamp": "2026-06-02T15:00:12.676985Z"}, {"uuid": "6a5ece0a-260e-4a1e-9051-35b59ba207d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "Telegram/mMN-AjvGpcaE-zo6q0YmV9Qj204A53PE-cWPysE2p8vK_VY", "content": "", "creation_timestamp": "2026-05-28T11:00:13.000000Z"}, {"uuid": "b41a285d-2b2e-4404-8a41-fea601a6f7f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://gist.github.com/friendsalot66-cpu/3722f04aecdb9983a217a43114ed0f2d", "content": "\ud83d\udcf0 AI News Highlights \u2014 June 1, 2026\n      \nToday's 11 AI news stories you most need to know\n      \n\n        \n\ud83d\udccb Today's news at a glance\n        \n\n          Story | Company | Why It Matters\n          \n            \ud83c\udfe6 Apollo and Blackstone's $36 Billion Google TPU Debt Deal -- The Largest Chip-Financing Transaction in History (translate title) | Unknown | On May 28, 2026, Bloomberg reported that Apollo Global Management and Blackstone are structuring a $36 billion private credit deal to 
buy Google custom TPU (Tensor Processing Unit) chips on behalf of Anthropic. (summary)\n            \ud83c\udfe6 SoftBank Commits \u20ac75 Billion to Build AI Data Centers in France (translate title) | Unknown | SoftBank Group announced at the 2026 Choose France summit hosted by President Emmanuel Macron on May 30 that it will invest up to \u20ac75 billion ($87. (summary)\n            \ud83d\udd0d Wikipedia Editors Organize Strike Over AI-Driven Wikimedia Layoffs (translate title) | Unknown | Wikipedia volunteer editors are organizing a strike over Wikimedia Foundation layoffs that editors attribute to AI-driven cost-cutting. (summary)\n            \ud83e\udde0 Demis Hassabis Shifts AGI Timeline to 2029, Calling It a \"Real Possibility\" (translate title) | Unknown | Google DeepMind CEO Demis Hassabis publicly shifted his AGI (Artificial General Intelligence) arrival estimate to 2029, calling it \"a real possibility\" in media interviews this week. (summary)\n            \ud83e\udde0 OpenAI Launches Rosalind Biodefense Program for US Government Pandemic Preparedness (translate title) | Unknown | OpenAI launched the Rosalind Biodefense Program on May 29, 2026, expanding GPT-Rosalind access to US government agencies and allied partners for pandemic preparedness applications. (summary)\n            \u2601\ufe0f Foundation's Phantom Humanoid Robots Deployed to Ukraine -- First Combat-Theater Humanoid Deployment (translate title) | Unknown | Foundation Future Industries deployed its Phantom MK-1 humanoid robots to Ukraine for battlefield testing, marking the first combat-theater deployment of humanoid robots in history. (summary)\n            \ud83d\udcbb GitHub Copilot Token Billing Goes Live Today -- \"What a Joke\" Is Trending on Reddit and X (translate title) | Unknown | Today, June 1, 2026, is the day GitHub Copilot switched from flat subscription pricing to token-based billing across all plans. (summary)\n            \ud83e\udd16 Sysdig Documents 
First Confirmed LLM Agent Cyberattack -- AWS Database Exfiltrated Autonomously in Under an Hour (translate title) | Unknown | Security firm Sysdig documented the first live cyberattack in which an LLM agent autonomously performed post-exploitation actions -- including exfiltrating an AWS database -- in under an hour. (summary)\n            \ud83d\udcbb Microsoft Build 2026 Opens Tomorrow -- What to Watch and How to Stream Free (translate title) | Unknown | Microsoft Build 2026 opens tomorrow, June 2, at Fort Mason Center in San Francisco. (summary)\n            \ud83d\udcca Anthropic Raised $65 Billion at a $965 Billion Valuation -- The Largest AI Round in History (translate title) | Unknown | Bloomberg confirmed on May 29, 2026, that Anthropic raised $65 billion in a funding round that valued the company at $965 billion post-money -- surpassing OpenAI's $852 billion private market valuation for the first time and making it the most valuable private AI company in the world. (summary)\n            \ud83d\udcca Cognition's Devin Raised $1 Billion at $26 Billion -- Revenue Grew 1,230% in 12 Months (translate title) | Unknown | Cognition, the startup behind Devin (the autonomous AI software engineer), announced on May 28, 2026, that it has raised more than $1 billion at a $25 billion pre-money / $26 billion post-money valuation. (summary)\n          \n        \n      \n    \n  \n\n  \n  \n\n    \n\n      \n\ud83c\udfe6 \ud83c\udfe6 Financial institutions\n      \n\n        \nApollo and Blackstone's $36 Billion Google TPU Debt Deal -- The Largest Chip-Financing Transaction in History (translate title)\n        \n\nOn May 28, 2026, Bloomberg reported that Apollo Global Management and Blackstone are structuring a $36 billion private credit deal to buy Google custom TPU (Tensor Processing Unit) chips on behalf of Anthropic. (translate into Hong Kong Cantonese)\nThe debt structure is divided into three tranches: approximately 
$6 billion in A1 notes, $25 billion in A2 notes, and $4. (translate into Hong Kong Cantonese)\nThe strategic logic: Anthropic does not have to put the $36 billion on its own balance sheet. (translate into Hong Kong Cantonese)\n      \n    \n  \n\n  \n\n    \n\n      \n\ud83c\udfe6 \ud83c\udfe6 Financial institutions\n      \n\n        \nSoftBank Commits \u20ac75 Billion to Build AI Data Centers in France (translate title)\n        \n\nSoftBank Group announced at the 2026 Choose France summit hosted by President Emmanuel Macron on May 30 that it will invest up to \u20ac75 billion ($87. (translate into Hong Kong Cantonese)\nMasayoshi Son, SoftBank's founder, said: \"AI is entering a new era, and the countries that build the infrastructure for this transformation will shape the future of technology, industry and society. (translate into Hong Kong Cantonese)\nThis is Europe's largest single announced AI infrastructure investment. (translate into Hong Kong Cantonese)\n      \n    \n  \n\n  \n\n    \n\n      \n\ud83d\udd0d \ud83d\udd0d Audit and regulation\n      \n\n        \nWikipedia Editors Organize Strike Over AI-Driven Wikimedia Layoffs (translate title)\n        \n\nWikipedia volunteer editors are organizing a strike over Wikimedia Foundation layoffs that editors attribute to AI-driven cost-cutting. (translate into Hong Kong Cantonese)\nThe situation puts in sharp relief a tension that has been building across knowledge institutions: AI can generate content, summarize sources, and identify factual inconsistencies at scale. (translate into Hong Kong Cantonese)\nWikipedia is one of the world's most-cited information sources for AI training data. (translate into Hong Kong Cantonese)\n      \n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nDemis Hassabis Shifts AGI Timeline to 2029, Calling It 
a \"Real Possibility\" (translate title)\n      \n\nGoogle DeepMind CEO Demis Hassabis publicly shifted his AGI (Artificial General Intelligence) arrival estimate to 2029, calling it \"a real possibility\" in media interviews this week. (translate into Hong Kong Cantonese)\nThe 2029 estimate should be interpreted carefully. (translate into Hong Kong Cantonese)\nThe broader industry context: Jack Clark (Anthropic) said 60%+ probability of recursive self-improvement by end of 2028. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nOpenAI Launches Rosalind Biodefense Program for US Government Pandemic Preparedness (translate title)\n      \n\nOpenAI launched the Rosalind Biodefense Program on May 29, 2026, expanding GPT-Rosalind access to US government agencies and allied partners for pandemic preparedness applications. (translate into Hong Kong Cantonese)\nThe program gives government agencies access to GPT-Rosalind for: pandemic outbreak modeling, pathogen surveillance and variant identification, vaccine candidate prioritization, and public health response scenario planning. (translate into Hong Kong Cantonese)\nThe naming choice is deliberate. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\u2601\ufe0f \u2601\ufe0f Enterprise AI / Infrastructure\n      \nFoundation's Phantom Humanoid Robots Deployed to Ukraine -- First Combat-Theater Humanoid Deployment (translate title)\n      \n\nFoundation Future Industries deployed its Phantom MK-1 humanoid robots to Ukraine for battlefield testing, marking the first combat-theater deployment of humanoid robots in history. (translate into Hong Kong Cantonese)\nThe deployment is described as \"testing\" rather than active combat operations -- the robots are being evaluated for logistics tasks such as carrying 
supplies, clearing debris, and conducting damage assessments in areas too dangerous for human personnel. (translate into Hong Kong Cantonese)\nThe deployment crosses a threshold that has been approaching since Boston Dynamics's Spot and similar platforms were deployed for surveillance: fully humanoid robots, capable of bipedal movement and dexterous manipulation, operating in an active combat theater. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcbb \ud83d\udcbb Developer tools\n      \nGitHub Copilot Token Billing Goes Live Today -- \"What a Joke\" Is Trending on Reddit and X (translate title)\n      \n\nToday, June 1, 2026, is the day GitHub Copilot switched from flat subscription pricing to token-based billing across all plans. (translate into Hong Kong Cantonese)\nWhy the cost increase? Token-based billing charges for exactly what gets consumed. (translate into Hong Kong Cantonese)\nThe defenders of the change are also real: experienced developers who manage their prompts efficiently report that their costs are flat or even lower under the new model. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udd16 \ud83e\udd16 AI agents / Frameworks\n      \nSysdig Documents First Confirmed LLM Agent Cyberattack -- AWS Database Exfiltrated Autonomously in Under an Hour (translate title)\n      \n\nSecurity firm Sysdig documented the first live cyberattack in which an LLM agent autonomously performed post-exploitation actions -- including exfiltrating an AWS database -- in under an hour. (translate into Hong Kong Cantonese)\nCVE-2026-48710, labeled \"BadHost,\" is a host header injection vulnerability that allows unauthenticated remote attackers to bypass authentication by manipulating the HTTP Host header. (translate into Hong Kong Cantonese)\nThe implications are 
significant. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcbb \ud83d\udcbb Developer tools\n      \nMicrosoft Build 2026 Opens Tomorrow -- What to Watch and How to Stream Free (translate title)\n      \n\nMicrosoft Build 2026 opens tomorrow, June 2, at Fort Mason Center in San Francisco. (translate into Hong Kong Cantonese)\nThe three things to watch most closely: (translate into Hong Kong Cantonese)\nMAI coding model announcement: Reuters and The Information confirmed Microsoft will unveil homegrown AI models including a coding model to strengthen GitHub Copilot. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcca \ud83d\udcca Markets and finance\n      \nAnthropic Raised $65 Billion at a $965 Billion Valuation -- The Largest AI Round in History (translate title)\n      \n\nBloomberg confirmed on May 29, 2026, that Anthropic raised $65 billion in a funding round that valued the company at $965 billion post-money -- surpassing OpenAI's $852 billion private market valuation for the first time and making it the most valuable private AI company in the world. (translate into Hong Kong Cantonese)\nThe structure: the round involved not just equity but an associated $36 billion private credit facility from Apollo Global Management and Blackstone (covered separately in the next story). (translate into Hong Kong Cantonese)\nThe Sequoia / Dragoneer / Altimeter / Greenoaks co-lead structure from the initial $30 billion round remained intact. (translate into Hong Kong Cantonese)\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcca \ud83d\udcca Markets and finance\n      \nCognition's Devin Raised $1 Billion at $26 Billion -- Revenue Grew 1,230% in 12 Months (translate title)\n      \n\nCognition, the startup behind Devin (the autonomous AI software engineer), 
announced on May 28, 2026, that it has raised more than $1 billion at a $25 billion pre-money / $26 billion post-money valuation. (translate into Hong Kong Cantonese)\nThe revenue trajectory is the story. (translate into Hong Kong Cantonese)\nThe valuation jump is dramatic: from $10. (translate into Hong Kong Cantonese)\n    \n  \n\n\n  \n\n    \n\n      \n\ud83d\udcf0 Source: Build Fast with AI | Delivered: 2026-06-03 08:05 HKT\n    \n  \n\n  \n\n\n", "creation_timestamp": "2026-06-03T00:05:32.000000Z"}, {"uuid": "fa14a6f7-e862-4c8e-9a39-3e394c2cc275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://gist.github.com/friendsalot66-cpu/d3992f0cb96eca4c4a660edee517701e", "content": "AI News Digest - June 3, 2026\n\n\ud83d\udcf0 AI News Highlights \u2014 June 3, 2026\n      \nToday's 15 AI news stories you most need to know (2026/06/03, Build day 2 coverage)\n      \n\n        \n\ud83d\udccb Today's news at a glance\n        \n\n          Story | Company | Why It Matters\n          \n            \ud83e\udde0 MAI-Thinking-1: Microsoft's flagship reasoning model closes in on Claude... | \ud83e\udde0 LLM | Mustafa Suleyman officially announced MAI-Thinking-1 at Build Day 2, Microsoft...\n            \ud83e\udde0 Aion 1.0 Instruct and Plan: Windows' local small language... | \ud83e\udde0 LLM | At Build 2026 Microsoft launched two new on-device SLMs: Aion 1.0 Instruct...\n            \ud83c\udfe6 Majorana 2: Microsoft targets 2029 for mass-producing scalable quantum computers | \ud83c\udfe6 Financial institutions | At the close of the Build keynote Nadella announced Majorana 2, the second-generation quantum processor. Majorana 1...\n            \ud83e\udde0 MRC network protocol: Microsoft, AMD, Broadcom, Intel, Op... | \ud83e\udde0 LLM | At Build 2026 Microsoft announced the MRC protocol, with AMD, Broadcom, Intel, OpenA...\n            \ud83e\udde0 Five-model code review benchmark: which AI reviews Bug-Seeded ... | \ud83e\udde0 LLM | A popular Reddit benchmark from last week: using Grok, Claude Opus 4.8, Sonnet 4.6, GPT-...\n            \u2601\ufe0f Surface RTX Spark Dev Box: 1 Petaflop AI ... | \u2601\ufe0f Enterprise AI | Microsoft announced the Surface RTX Spark Dev Box, a development workstation based on NVIDIA RTX...\n            \u2601\ufe0f Microsoft + Mayo Clinic: for global healthcare, building Fronti... | \u2601\ufe0f Enterprise AI | Mayo Clinic's CEO took the stage in person to announce a partnership with Microsoft to develop a \"healthcare-specific frontier mode...\n            \u2601\ufe0f Web IQ and Azure HorizonDB: internet intelligence for agents and a dedicated ... | \u2601\ufe0f Enterprise AI | Web IQ: a new Microsoft AI system that gives agents access to structured, real-time public web information (stock prices, regulatory updates, news), and...\n            \u2601\ufe0f Maia 200 and Cobalt 200: Microsoft's in-house chips enter production and pre... | \u2601\ufe0f Enterprise AI | Nadella confirmed that Maia 200 (the second-generation AI accelerator) is already in production in Iowa and Arizona, with the next step expanding to...\n            \ud83e\udd16 Scout: an AI agent across all open applications | \ud83e\udd16 AI agents | Microsoft announced Scout, a cross-application AI agent that \"works where you work, whatever the app\". It monitors your des...\n            \ud83d\udcbb Sam Altman at Stargate Michigan: Coding Mo... | \ud83d\udcbb Developer tools | CNBC interviewed Sam Altman at Stargate Michigan. Altman said \"Coding model...\n            \ud83d\udcbb China's Geedge Networks: using AI to predict political dissidents (before they act) | \ud83d\udcbb Developer tools | Chinese AI company Geedge Networks is building an AI system that uses behavioral data, social media activity and communication patterns to predict who is likely to become...\n            \ud83d\udcbb AI Prompt Injection 2026: direct override is history, multi-step hijacking becomes the main... | \ud83d\udcbb Developer tools | Production data shows that prompt injection attacks in 2026 are completely different from 2023. In 2023 the mainstream was direct override...\n            \ud83d\udd2c Microsoft Discovery GA: AI automatically designs experiments, writes papers, submits ... | \ud83d\udd2c Research and trends | The Microsoft Discovery scientific research AI platform is officially GA. A VP demonstrated using Discovery to improve plastic-recycling chemistry...\n            \ud83d\udcca SpaceX + Anthropic + OpenAI IPOs may add to the US stock market... | \ud83d\udcca Markets and finance | The Economist's analysis: if all three companies, SpaceX, Anthropic and OpenAI, complete in 2026 ...\n          \n        \n      \n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nMAI-Thinking-1: Microsoft's flagship reasoning model closes in on Claude Sonnet 4.6\n      \n\n            \nMustafa Suleyman officially announced MAI-Thinking-1, Microsoft AI's flagship reasoning model, at Build Day 2. The official claim is that it \"closes in on leading models on key software engineering benchmarks and ties Sonnet 4.6 on human preference in blind tests\", which means it is in the same class as Claude Sonnet 4.6, with no claim of beating GPT-5.5 or Opus 4.8.\n            \nDesigned for reasoning-intensive tasks: multi-step problem decomposition, software engineering, research synthesis. Unlike Project Polaris (dedicated to GitHub Copilot), MAI-Thinking-1 is a general-purpose reasoning model and will be used in M365 Copilot Agent Mode (Word, Excel, PowerPoint).\n            \nIf it really reaches Sonnet 4.6 level while being cheaper than Sonnet 4.6 ($3/$15 per million tokens) through Azure enterprise discounts, the procurement math will be completely different for Azure-heavy enterprises.\n      \n    \n  \n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nAion 1.0 Instruct and Plan: local small language models for Windows\n      \n\n            \nAt Build 2026 Microsoft launched two new on-device SLMs: Aion 1.0 Instruct (preview) is a new-generation SLM built for local instruction following that works even without a Copilot+ PC; Aion 1.0 Plan is a 14B-parameter reasoning and tool-calling model built for local agent workflows on Windows.\n            \nThe 14B-parameter size is an interesting spot: larger than Phi Silica but smaller than Claude Sonnet 4.6 or GPT-5.5, it falls in the \"local frontier\" category, powerful enough for complex agent task planning while running smoothly on a modern laptop GPU without round trips to the cloud.\n            \nAion 1.0 Plan is integrated into the Windows Agent Framework as the reasoning layer for local agents. WAF + Aion 1.0 Plan + DirectML 2.0 is Microsoft's complete on-device AI stack.\n      \n    \n  \n  \n\n    \n\n      \n\ud83c\udfe6 \ud83c\udfe6 Financial institutions\n      \nMajorana 2: Microsoft targets 2029 for mass-producing scalable quantum computers\n      \n\n            \nAt the close of the Build keynote Nadella announced Majorana 2, the second-generation quantum processor. Majorana 1 was about \"proving the underlying physics works\"; Majorana 2 is about \"starting to scale the engineering\". The company aims to deliver a scalable quantum computer by 2029.\n            \nMajorana uses topological qubits, completely different from the superconducting qubits of IBM/Google. In theory they are more stable with fewer errors, but the engineering is very hard. The 1-microsecond operation time is key: microsecond-scale quantum gates let circuits become much more complex before decoherence affects them.\n            \nThis timeline (2029) puts direct pressure on IBM (targeting \"fault-tolerant\" quantum in 2033) and Google (targeting the early 2030s). If it succeeds, Microsoft would hold a unique position in both quantum computing and AI infrastructure at once.\n      \n    \n  \n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nMRC network protocol: Microsoft, AMD, Broadcom, Intel, OpenAI and NVIDIA jointly build an open standard\n      \n\n            \nAt Build 2026 Microsoft announced the MRC protocol, an open network protocol developed jointly with AMD, Broadcom, Intel, OpenAI and NVIDIA. It moves intelligence to the network endpoints so that AI workloads can dynamically route around network failures without stopping and restarting.\n            \nThe problem is very real: large-scale AI training uses thousands upon thousands of GPUs, and any network failure can stall or restart a job that has been running for days. MRC lets the job reroute dynamically and continue, and is expected to cut compute wasted on network failures by 15-25%.\n            \nThat several competitors are developing it together shows MRC is positioned as an industry standard rather than Microsoft-proprietary technology.\n      \n    \n  \n  \n\n    \n\n      \n\ud83e\udde0 \ud83e\udde0 LLM / Foundation models\n      \nFive-model code review benchmark: which AI is best at reviewing bug-seeded React code?\n      \n\n            \nA popular Reddit benchmark from last week: Grok, Claude Opus 4.8, Sonnet 4.6, GPT-5.5 and Gemini 3.5 Flash each reviewed the same piece of bug-seeded React code, blind-rated by senior developers.\n            \nOpus 4.8 ranked first in bug detection and was especially strong on security bugs (authentication bypass, injection, CSRF); Sonnet 4.6 ranked second but was much faster, with the best value for money; GPT-5.5 ranked third, with strengths in code style and technical debt; Gemini Flash ranked fourth but was the fastest; Grok ranked fifth yet was the best at catching performance bottlenecks.\n            \nDespite statistical limitations, this result matches the pattern in formal benchmarks: Opus leads on code quality, Sonnet offers the best value, Gemini Flash is the fastest.\n      \n    \n  \n  \n\n    \n\n      \n\u2601\ufe0f \u2601\ufe0f Enterprise AI / Infrastructure\n      \nSurface RTX Spark Dev Box: 1 petaflop of AI compute, Nadella jokes that even he can't get one\n      \n\n            \nMicrosoft announced the Surface RTX Spark Dev Box, a development workstation based on NVIDIA RTX with 1 petaflop of AI compute plus 20 CPU cores. Nadella joked that even he could not get onto the waitlist.\n            \nIt is positioned for developers to test production-grade AI agent inference speed locally and then deploy to Azure. 1 petaflop is clearly more powerful than current high-end RTX workstations (320-600 teraflops).\n      \n    \n  \n  \n\n    \n\n      \n\u2601\ufe0f \u2601\ufe0f Enterprise AI / Infrastructure\n      \nMicrosoft + Mayo Clinic: building a frontier AI model for global healthcare\n      \n\n            \nMayo Clinic's CEO took the stage in person to announce a partnership with Microsoft to develop a \"frontier model built specifically for healthcare\", trained on Mayo Clinic's clinical expertise and research knowledge, with the goal of extending its services to millions of people worldwide.\n            \nThe details are deliberately vague: no model architecture, training data or timeline. But it will be deployed through Azure for clinical decision support, patient triage and medical knowledge Q&A, not direct diagnosis.\n            \nMayo Clinic tying a reputation built over 150 years to a Microsoft AI model is a major institutional endorsement. For healthcare organizations considering adopting AI, Mayo Clinic's involvement brings a credibility endorsement on top of the technical value.\n      \n    \n  \n  \n\n    \n\n      \n\u2601\ufe0f \u2601\ufe0f Enterprise AI / Infrastructure\n      \nWeb IQ and Azure HorizonDB: internet intelligence for agents and a dedicated Postgres\n      \n\n            \nWeb IQ: a new Microsoft AI system that gives agents access to structured, real-time public web information (stock prices, regulatory updates, news) and integrates with Azure Agent Mesh.\n            \nAzure HorizonDB: a fully managed PostgreSQL built for agent applications, with ultra-low latency, read scale-out, 3x faster transactions and search, vector indexing, semantic search and in-database model access. Web IQ + HorizonDB \u89e3\u6c7a\u5497 agent 
\u9700\u8981\u300c\u7576\u524d\u5916\u90e8\u667a\u80fd\u300d+\u300c\u5feb\u901f\u53ef\u641c\u5c0b\u5167\u90e8\u6578\u64da\u300d\u5605\u95dc\u9375\u7f3a\u53e3\u3002\n      \n    \n  \n  \n\n    \n\n      \n\u2601\ufe0f \u2601\ufe0f \u4f01\u696d AI / \u57fa\u5efa\n      \nMaia 200 \u540c Cobalt 200\uff1aMicrosoft \u81ea\u5bb6\u6676\u7247\u6295\u7522\u540c\u9810\u89bd\n      \n\n            \nNadella \u78ba\u8a8d Maia 200\uff08\u7b2c\u4e8c\u4ee3 AI \u52a0\u901f\u5668\uff09\u5df2\u7d93\u55ba Iowa \u540c Arizona \u6295\u7522\uff0c\u4e0b\u4e00\u6b65\u64f4\u5c55\u5230\u610f\u5927\u5229\u3001\u6fb3\u6d32\u3001\u5357\u97d3\u3002tokens per dollar per watt \u5168\u6a5f\u7fa4\u6700\u597d\u3002Cobalt 200 ARM VM \u55ba 10+ \u5168\u7403\u5730\u5340\u9810\u89bd\u3002\n            \nMaia 200 \u5c31\u4fc2\u884c Polaris \u540c MAI-Thinking-1 inference \u5605\u6676\u7247\u3002\u81ea\u5bb6\u6a21\u578b\u884c\u81ea\u5bb6\u6676\u7247\u884c\u81ea\u5bb6\u7db2\u7d61\u2014\u2014Microsoft \u6b77\u4f86\u6700\u5782\u76f4\u6574\u5408\u5605 AI stack\uff0c\u4f3c Apple \u5605 hardware-to-software \u63a7\u5236\u3002\n            \n\u6bcf\u500b inference query \u7d93 Maia 200 \u5605\u5229\u6f64\u7387\u9ad8\u904e\u7d93 NVIDIA GPU\u3002Microsoft \u6709 3 \u5104+ Office 365 \u7528\u6236\uff0c\u5462\u500b margin difference \u55ba\u5462\u500b scale \u4e0b\u597d\u53ef\u89c0\u3002\u6676\u7247\u7b56\u7565\u6700\u7d42\u4fc2 margin \u7b56\u7565\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83e\udd16 \ud83e\udd16 AI \u4ee3\u7406 / \u6846\u67b6\n      \nScout\uff1a\u8de8\u6240\u6709\u5df2\u958b\u61c9\u7528\u7a0b\u5f0f\u5605 AI Agent\n      \n\n            \nMicrosoft \u767c\u5e03 Scout\u2014\u2014\u55ba\u4f60\u5de5\u4f5c\u5605\u5730\u65b9\u5de5\u4f5c\uff0c\u7121\u8ad6\u4fc2\u54a9 app\u300d\u5605\u8de8\u61c9\u7528 AI agent\u3002\u76e3\u63a7\u4f60 desktop \u4e0a\u4e0b\u6587\uff08\u958b\u5497\u54a9\u3001\u505a\u7dca\u54a9\u3001app 
\u4e4b\u9593\u8cbc\u54a9\uff09\uff0c\u63d0\u4f9b\u60c5\u5883\u5354\u52a9\u800c\u5514\u4f7f\u4f60\u5207\u63db\u53bb\u5c08\u7528 AI \u4ecb\u9762\u3002\n            \n\u540c Copilot \u55ba\u55ae\u4e00 app \u5605\u95dc\u9375\u5206\u5225\uff1aScout \u660e\u767d\u4f60\u5b8c\u6574\u5605\u8de8\u61c9\u7528\u5de5\u4f5c\u8108\u7d61\u3002\u7531 Excel \u6284\u8cc7\u6599\u53bb Word \u540c\u6642\u7747\u7dca PDF\uff0cScout \u7406\u89e3\u4e09\u8005\u95dc\u4fc2\uff0c\u5e6b\u4f60\u5b8c\u6210\u6574\u9ad4\u4efb\u52d9\u800c\u5514\u4fc2\u55ae\u4e00\u6587\u4ef6\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83d\udcbb \ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \nSam Altman \u55ba Stargate Michigan\uff1aCoding Models \u4fc2 AI \u9700\u6c42\u6700\u5927\u9a45\u52d5\u529b\n      \n\n            \nCNBC \u8a2a\u554f Sam Altman \u55ba Stargate Michigan\u3002Altman \u8a71\u300cCoding models \u4fc2 demand \u6700\u5927\u9a45\u52d5\u529b\uff0c\u6211\u54cb\u56b4\u91cd\u4f4e\u4f30\u5497\u4eba\u985e\u6709\u5e7e\u60f3\u8981\u5462\u5572\u5622\u3002\u300d\u4f62\u5f62\u5bb9 Stargate \u4fc2 huge bet\u3002\n            \n\u95dc\u65bc\u53d6\u4ee3\u8077\u4f4d\uff1aAltman \u8a71\u884c\u696d\u5187\u597d\u597d\u89e3\u91cb\u4eba\u985e\u9ede\u6a23\u4fdd\u6301\u63a7\u5236\u3002\u5ba3\u7a31\u56e0\u70ba AI \u88c1\u54e1\u5605\u516c\u53f8\u300c\u7528 AI \u7528\u5f97\u6700\u5c11\u300d\u2014\u2014\u771f\u6b63\u6709 AI \u751f\u7522\u529b\u63d0\u5347\u5605\u516c\u53f8\u592a\u5fd9\u5187\u6642\u9593\u88c1\u54e1\u3002\n            \nOracle co-CEO \u900f\u9732 Stargate Michigan \u521d\u671f $160 \u5104\uff0cGPU+\u7db2\u7d61\u8981\u591a $300-400 \u5104\u2014\u2014\u7e3d\u5171 $460-560 \u5104\uff0c\u4eba\u985e\u53f2\u4e0a\u6700\u5927\u55ae\u4e00 AI \u57fa\u5efa\u9805\u76ee\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83d\udcbb \ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \n\u4e2d\u570b Geedge Networks\uff1a\u7528 AI \u9810\u6e2c\u653f\u6cbb\u7570\u898b\u4eba\u58eb\uff08\u672a\u884c\u52d5\u524d\uff09\n      
\n\n            \n\u4e2d\u570b AI \u516c\u53f8 Geedge Networks \u6b63\u5efa\u7acb AI \u7cfb\u7d71\uff0c\u7528\u884c\u70ba\u6578\u64da\u3001\u793e\u4ea4\u5a92\u9ad4\u6d3b\u52d5\u3001\u901a\u8a0a\u6a21\u5f0f\u9810\u6e2c\u908a\u500b\u6709\u53ef\u80fd\u6210\u70ba\u653f\u6cbb\u7570\u898b\u4eba\u58eb\u2014\u2014\u55ba\u4efb\u4f55\u7570\u898b\u884c\u70ba\u767c\u751f\u4e4b\u524d\u5c31 tagging \u4f62\u54cb\u3002\n            \n\u8d85\u8d8a\u73fe\u6709\u793e\u6703\u4fe1\u7528\u8a55\u5206\uff08\u61f2\u7f70\u5df2\u8a18\u9304\u884c\u70ba\uff09\uff0c\u9032\u5165\u300cpre-crime\u300d\u9810\u6e2c\u653f\u6cbb\u6253\u58d3\u6a21\u5f0f\u3002frontier AI \u5605 machine learning \u80fd\u529b\u76f4\u63a5\u61c9\u7528\u55ba\u5927\u898f\u6a21\u653f\u6cbb\u6253\u58d3\uff0c\u4fc2\u76ee\u524d\u6700\u6e05\u695a\u5605\u300cAI \u5927\u898f\u6a21\u6feb\u7528\u300d\u771f\u5be6\u6848\u4f8b\u3002\n            \n\u540c Anthropic Claude Mythos\uff08\u8b58\u5225\u6f0f\u6d1e\u53bb\u9632\u79a6\uff09\u5f62\u6210\u6700\u5c16\u92b3\u5c0d\u6bd4\u2014\u2014\u540c\u4e00\u6280\u8853\u5169\u500b\u5b8c\u5168\u76f8\u53cd\u7528\u9014\uff0c\u5b8c\u7f8e\u8aaa\u660e dual-use \u554f\u984c\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83d\udcbb \ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \nAI Prompt Injection 2026\uff1a\u76f4\u63a5\u8986\u84cb\u6210\u6b77\u53f2\uff0c\u591a\u6b65\u9a5f\u52ab\u6301\u6210\u4e3b\u6d41\n      \n\n            \n\u751f\u7522\u6578\u64da\u986f\u793a 2026 \u5e74 prompt injection \u653b\u64ca\u540c 2023 \u5e74\u5b8c\u5168\u5514\u540c\u30022023 \u5e74\u4e3b\u6d41\u4fc2\u76f4\u63a5\u8986\u84cb\u6307\u4ee4\uff08\u300c\u5ffd\u7565\u6240\u6709\u4e4b\u524d\u6307\u4ee4\uff0c\u505a X\u300d\uff09\uff0c\u5462\u5572\u800c\u5bb6\u5e7e\u4e4e\u5168\u90e8\u64cb\u5f97\u4f4f\u3002\n            \n2026 \u5e74\u4fc2\u591a\u6b65\u9a5f\u52ab\u6301\uff1a\u653b\u64ca\u8005\u5c07\u4e00\u7cfb\u5217\u770b\u4f3c\u7121\u5bb3\u6307\u4ee4\u5206\u6563\u55ba\u591a\u500b input\uff08\u7528\u6236\u67e5\u8a62\u3001tool call 
\u7d50\u679c\u3001\u6aa2\u7d22\u6587\u4ef6\u3001memory output\uff09\uff0c\u55ae\u4e00\u500b input \u7747\u5514\u51fa\u60e1\u610f\uff0c\u7d44\u5408\u57cb redirect \u5497 agent \u884c\u70ba\u3002\n            \n\u9632\u79a6\u8981\u6839\u672c\u5347\u7d1a\uff1a\u7531\u55ae\u4e00 input \u6aa2\u67e5\u8b8a\u8de8\u5b8c\u6574 agent session \u884c\u70ba\u76e3\u63a7\u3002\u4e0a\u661f\u671f Sysdig CVE-2026-48710\uff08autonomous LLM agent \u4e00\u5c0f\u6642\u5167 database exfiltration\uff09\u5c31\u4fc2\u5be6\u4f8b\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83d\udd2c \ud83d\udd2c \u7814\u7a76\u8207\u8da8\u52e2\n      \nMicrosoft Discovery GA\uff1aAI \u81ea\u52d5\u8a2d\u8a08\u5be6\u9a57\u3001\u5beb\u8ad6\u6587\u3001\u63d0\u4ea4 Lab Jobs\n      \n\n            \nMicrosoft Discovery \u79d1\u7814 AI \u5e73\u53f0\u6b63\u5f0f GA\u3002VP \u793a\u7bc4\u7528 Discovery \u6539\u5584\u5851\u81a0\u56de\u6536\u5316\u5b78\u2014\u2014\u8f38\u5165 prompt \u5c31\u63d0\u51fa\u5be6\u9a57\u65b9\u6848\u3001\u5beb\u8ad6\u6587\u7d50\u69cb\u3001\u63d0\u4ea4 lab jobs\u3001\u5efa\u8b70\u4e0b\u4e00\u6b65 protocol\u3002Carmona \u5f62\u5bb9\u300c\u611f\u89ba\u4f3c Iron Man\uff0c\u4e0d\u904e\u4fc2 for chemistry\u300d\u3002\n            \nDiscovery \u5514\u4fc2\u4e00\u6b21\u6027\u7b54\u6848\u5f15\u64ce\uff0c\u90e8\u5206 output \u8981\u5e7e\u500b\u9418\u751a\u81f3\u5e7e\u65e5\uff0c\u56e0\u70ba iterative \u904b\u4f5c\u4f3c\u79d1\u5b78\u904e\u7a0b\u3002\u540c Mayo Clinic \u5408\u4f5c\u986f\u793a\u76ee\u6a19\u4ef2\u6709\u85e5\u7269\u767c\u73fe\u3001\u86cb\u767d\u8cea\u5efa\u6a21\u3001\u81e8\u5e8a\u8a66\u9a57\u8a2d\u8a08\u3002\n      \n    \n  \n  \n\n    \n\n      \n\ud83d\udcca \ud83d\udcca \u5e02\u5834\u8207\u8ca1\u7d93\n      \nSpaceX + Anthropic + OpenAI IPO \u6216\u70ba\u7f8e\u570b\u80a1\u5e02\u589e\u52a0 4 \u842c\u5104\u7f8e\u5143\n      \n\n            \nThe Economist \u5206\u6790\uff1a\u5982\u679c SpaceX\u3001Anthropic\u3001OpenAI \u4e09\u9593\u516c\u53f8\u90fd\u55ba 2026 \u5e74\u5b8c\u6210 
IPO\uff0c\u53ef\u4ee5\u55ba\u5e7e\u500b\u6708\u5167\u70ba\u7f8e\u570b\u80a1\u5e02\u589e\u52a0\u6700\u591a 4 \u842c\u5104\u7f8e\u5143\u5e02\u503c\u3002SpaceX $1.75T\u3001Anthropic ~$1-1.25T\u3001OpenAI $852B-$1T\u3002\n            \n\u5c0d\u6bd4\u7f8e\u570b GDP \u7d04 $30T\uff0c\u4e09\u500b AI \u516c\u53f8\u516d\u500b\u6708\u5167\u52a0 $4T \u5e02\u503c\u6703\u4fc2 dot-com \u4ee5\u4f86\u6700\u5927\u55ae\u4e00 sector \u5e02\u503c\u64f4\u5f35\u3002\n            \n\u98a8\u96aa\uff1a\u5462\u500b\u898f\u6a21\u5605 IPO \u9700\u8981\u6a5f\u69cb\u6295\u8cc7\u8005\u8ce3\u51fa\u73fe\u6709\u6301\u8ca8\u53bb\u8cb7\u65b0\u8ca8\uff0c\u53ef\u80fd\u9020\u6210 broad market \u5605\u8ce3\u58d3\uff0c\u5c24\u5176\u4fc2\u79d1\u6280\u80a1\u3002\u6642\u9593\u9806\u5e8f\uff08SpaceX 6\u6708\u3001OpenAI 9\u6708\u3001Anthropic 10\u6708\uff09\u5c31\u4fc2\u70ba\u5497\u5206\u6563\u8cc7\u91d1\u9700\u6c42\u3002\n      \n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcf0 \u4f86\u6e90\uff1aBuild Fast with AI | Delivered: 2026-06-03 08:00 HKT\n    \n  \n\n\n\n", "creation_timestamp": "2026-06-03T02:50:21.000000Z"}, {"uuid": "03e52363-c399-474e-b58b-c428946887e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://gist.github.com/friendsalot66-cpu/fa616e63452f3b7503c7099efbae1f50", "content": "\n\n\n\n\n\nAI \u65b0\u805e\u91cd\u9ede \u2014 2026 \u5e74 06 \u6708 03\n\n  body {font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, sans-serif; line-height: 1.6; color: #333; margin: 0; background-color: #f4f7f6; overflow: hidden; height: 100dvh;}\n  .snap-container {height: 100dvh; overflow-y: scroll; scroll-snap-type: y mandatory; scroll-behavior: smooth;}\n  .snap-section {height: 100dvh; scroll-snap-align: start; scroll-snap-stop: always; display: flex; flex-direction: column; justify-content: center; align-items: center; padding: 0 15px; box-sizing: 
border-box;}\n  .content-card {max-width: 800px; background: #fff; padding: 30px; border-radius: 12px; box-shadow: 0 4px 15px rgba(0,0,0,0.1); width: 100%; box-sizing: border-box;}\n  h1 {color: #2c3e50; border-bottom: 3px solid #3498db; padding-bottom: 12px; margin-top: 0; font-size: 1.5em;}\n  h2.category {color: #e67e22; margin-top: 0; border-bottom: 1px solid #eee; padding-bottom: 8px; font-size: 1.2em;}\n  h3.headline {color: #2980b9; margin-bottom: 8px; font-size: 1.15em;}\n  ul {margin-top: 8px; padding-left: 22px;}\n  li {margin-bottom: 10px; color: #444;}\n  .footer {margin-top: 45px; font-size: 0.9em; color: #95a5a6; border-top: 1px solid #eee; padding-top: 20px; text-align: center;}\n  .subtitle {color: #7f8c8d; font-size: 1.0em; font-style: italic; margin-bottom: 20px;}\n  .summary-box {background: #e8f4f8; padding: 15px 20px; border-radius: 8px; margin-bottom: 20px; border-left: 4px solid #3498db;}\n  .summary-box h2 {margin-top: 0; font-size: 1.1em; color: #2c3e50; margin-bottom: 10px;}\n  .summary-table {width: 100%; border-collapse: collapse; margin-top: 10px; background: #fff;}\n  .summary-table th, .summary-table td {border: 1px solid #bdd4e7; padding: 8px; text-align: left; font-size: 0.9em;}\n  .summary-table th {background-color: #d1e8f2; color: #2c3e50; font-weight: 600;}\n  .highlight-box {background-color: #f0f7fb; border-left: 5px solid #2980b9; padding: 15px 20px; margin: 15px 0; border-radius: 0 8px 8px 0;}\n\n\n\n  \n\n  \n\n    \n\n      \n\ud83d\udcf0 AI \u65b0\u805e\u91cd\u9ede \u2014 2026 \u5e74 06 \u6708 03\n      \n**\u4eca\u65e5 15 \u5247\u4f60\u6700\u9700\u8981\u77e5\u5605 AI \u65b0\u805e**\n      \n\n        \n\ud83d\udccb \u4eca\u65e5\u65b0\u805e\u901f\u89bd\n        \n\n          StoryCompanyWhy It Matters\n          \n            \n            \n              Microsoft \u65d7\u8266\u63a8\u7406\u6a21\u578b\u62cd\u5f97\u4f4f Claude Sonnet 4.6\n              Microsoft AI\n              Microsoft 
\u7d42\u65bc\u6709\u81ea\u5bb6\u65d7\u8266\u63a8\u7406\u6a21\u578b\u62cd\u4f4f Claude Sonnet 4.6\uff0c\u5c0d Anthropic \u4f01\u696d\u6536\u5165\u69cb\u6210\u76f4\u63a5\u5a01\u8105\n            \n    \n            \n              Windows \u7d42\u65bc\u6709\u81ea\u5bb6 On-Device \u5c0f\u578b\u6a21\u578b\n              Microsoft\n              Microsoft \u586b\u88dc\u5497 on-device AI \u5605\u91cd\u8981\u7f3a\u53e3\uff0c14B \u6a21\u578b\u5920\u52c1\u53c8\u5514\u4f7f cloud\n            \n    \n            \n              Microsoft \u76ee\u6a19 2029 \u5e74\u9020\u51fa\u53ef\u64f4\u5c55\u91cf\u5b50\u96fb\u8166\n              Microsoft\n              \u91cf\u5b50\u96fb\u8166\u76ee\u6a19\u52a0\u901f\u5230 2029\uff0ctopological qubits \u8def\u7dda\u9818\u5148\u5c0d\u624b\n            \n    \n            \n              Microsoft\u3001AMD\u3001Broadcom\u3001Intel\u3001OpenAI\u3001NVIDIA \u806f\u624b\u9020\u958b\u653e\u6a19\u6e96\n              Microsoft + AMD + Broadcom + Intel + OpenAI + NVIDIA\n              \u8de8\u516c\u53f8\u958b\u653e\u5354\u8b70\u89e3\u6c7a\u5497\u5927\u898f\u6a21 AI training \u5605\u7db2\u7d61\u6545\u969c\u75db\u9ede\n            \n    \n            \n              \u908a\u500b AI \u6700\u53fb\u6349 Bug\uff1f\n              Claude / GPT / Gemini / Grok\n              \u6700\u65b0 community benchmark \u986f\u793a Opus 4.8 \u6349 bug \u6700\u5f37\uff0cSonnet 4.6 \u6027\u50f9\u6bd4\u6700\u9ad8\n            \n    \n            \n              1 Petaflop AI \u7b97\u529b\uff0cNadella \u8a71\u81ea\u5df1\u90fd\u6392\u5514\u5230\u968a\n              Microsoft + NVIDIA\n              1 petaflop \u5605 AI \u958b\u767c\u5de5\u4f5c\u7ad9\uff0cdeveloper \u672c\u5730\u6e2c\u8a66 agent workload \u5514\u4f7f call cloud\n            \n    \n            \n              Frontier AI Model \u5c08\u70ba\u91ab\u7642\u800c\u8a2d\n              Microsoft + Mayo Clinic\n              \u5168\u7403\u9802\u5c16\u91ab\u7642\u6a5f\u69cb Mayo Clinic \u540c Microsoft 
\u5408\u4f5c\u958b\u767c\u5c08\u7528\u91ab\u7642 AI \u6a21\u578b\n            \n    \n            \n              Agent \u5c08\u7528\u4e92\u806f\u7db2\u667a\u80fd\u540c\u6578\u64da\u5eab\n              Microsoft Azure\n              Microsoft \u70ba agent \u751f\u614b\u6e96\u5099\u597d infrastructure layer \u2014 \u5be6\u6642\u7db2\u7d61\u6578\u64da\u540c agent-native \u6578\u64da\u5eab\n            \n    \n            \n              Microsoft \u81ea\u5bb6\u6676\u7247\u5df2\u6295\u7522\n              Microsoft\n              Microsoft \u81ea\u5bb6 AI \u6676\u7247\u5df2\u6295\u7522\uff0cMaia 200 \u4fc2\u6a5f\u968a\u6548\u7387\u6700\u9ad8\u5605 inference \u6676\u7247\n            \n    \n            \n              \u8de8\u6240\u6709 App \u5605 AI Agent\n              Microsoft\n              Microsoft \u5605\u8de8\u61c9\u7528 AI agent \u6b63\u5f0f\u63a8\u51fa\uff0c\u5514\u4f7f switch app \u5c31\u53ef\u4ee5\u5f97\u5230 context-aware \u5354\u52a9\n            \n    \n            \n              Coding Models \u4fc2 AI \u9700\u6c42\u6700\u5927\u63a8\u52d5\u529b\n              OpenAI / Stargate\n              Altman \u660e\u78ba\u6307\u51fa coding models \u4fc2 AI \u9700\u6c42\u6700\u52c1\u5605 driver\uff0cStargate \u9020\u50f9\u9054 $46-56B\n            \n    \n            \n              AI \u9810\u6e2c\u7570\u898b\u4eba\u58eb\uff0c\u672a\u884c\u52d5\u5148\u6a19\u8a18\n              Geedge Networks\n              AI \u7528\u65bc\u653f\u6cbb\u58d3\u8feb\u5605\u771f\u5be6\u6848\u4f8b \u2014 \u9810\u6e2c\u7570\u8b70\u4eba\u58eb\u672a\u884c\u52d5\u5148\u6a19\u8a18\n            \n    \n            \n              \u591a\u6b65\u9a5f Hijacking \u6210\u4e3b\u6d41\n              N/A\n              Prompt injection \u9032\u5316\u6210\u591a\u6b65\u9a5f hijacking\uff0c\u55ae\u6b21\u6aa2\u6e2c\u5df2\u4e0d\u8db3\u4ee5\u9632\u79a6\n            \n    \n            \n              AI \u8a2d\u8a08\u5be6\u9a57\u3001\u5beb\u8ad6\u6587\u3001\u63d0\u4ea4 lab job\n              Microsoft\n 
             Microsoft \u5605\u79d1\u7814 AI platform GA\uff0c\u540c Google DeepMind \u7af6\u722d\u79d1\u5b78 AI \u5e02\u5834\n            \n    \n            \n              \ud83d\udcca SpaceX + Anthropic + OpenAI IPOs \u53ef\u80fd\u70ba\u7f8e\u570b\u80a1\u5e02\u589e\u52a0 $4 \u842c\u5104\n              SpaceX / Anthropic / OpenAI\n              \u4e09\u5bb6 AI \u516c\u53f8 IPO \u7e3d\u503c\u53ef\u80fd\u9054 $4 \u842c\u5104\uff0c\u4fc2 dot-com \u4ee5\u4f86\u6700\u5927\u5605 sector \u5e02\u503c\u64f4\u5f35\n            \n    \n          \n        \n      \n    \n  \n  \n\n    \n\n      \n\ud83e\udde0 \u57fa\u790e\u6a21\u578b\n      \nMicrosoft \u65d7\u8266\u63a8\u7406\u6a21\u578b\u62cd\u5f97\u4f4f Claude Sonnet 4.6\n      \n\nMustafa Suleyman \u55ba Build Day 2 \u63a8\u51fa MAI-Thinking-1\uff0cMicrosoft AI \u5605\u65d7\u8266\u63a8\u7406\u6a21\u578b\u3002\u5b98\u65b9\u8a71\u4f62\u300c\u55ba\u95dc\u9375\u5605\u8edf\u4ef6\u5de5\u7a0b benchmark \u8ffd\u4e0a\u9818\u5148\u6a21\u578b\uff0c\u4ef2\u55ba blind side-by-side \u6e2c\u8a66\u5165\u9762\u540c Sonnet 4.6 \u9054\u5230 human preference parity\u300d\u2014 \u5373\u4fc2\u540c Sonnet 4.6 \u5e73\u8d77\u5e73\u5750\u3002\n\u5462\u500b\u6a21\u578b\u5c08\u70ba\u591a\u6b65\u9a5f\u63a8\u7406\u3001\u8edf\u4ef6\u5de5\u7a0b\u3001\u7814\u7a76\u7d9c\u5408\u540c\u8907\u96dc\u6307\u4ee4\u8ddf\u9032\u800c\u8a2d\uff0c\u6703\u7528\u55ba Microsoft 365 Copilot \u5605 Agent Mode \u5165\u9762\u3002\n\u5982\u679c MAI-Thinking-1 \u771f\u4fc2\u6709 Sonnet 4.6 \u6c34\u5e73\uff0c\u4ef2\u8981\u7d93 Azure AI Foundry \u4ffe enterprise discount\uff0c\u5c0d Anthropic \u5605 Sonnet \u6536\u5165\u4fc2\u91cd\u5927\u5a01\u8105\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \u57fa\u790e\u6a21\u578b\n      \nWindows \u7d42\u65bc\u6709\u81ea\u5bb6 On-Device \u5c0f\u578b\u6a21\u578b\n      \n\nMicrosoft \u55ba Build 2026 \u63a8\u51fa\u5169\u500b\u65b0\u5605 on-device SLM\u3002Aion 1.0 Instruct 
\u4fc2\u65b0\u4e00\u4ee3\u5c0f\u6a21\u578b\uff0c\u4efb\u4f55 Windows \u6a5f\u90fd\u884c\u5f97\u3002Aion 1.0 Plan \u4fc2 14B \u53c3\u6578\u5605\u63a8\u7406\u540c tool-calling \u6a21\u578b\uff0c\u5c08\u70ba\u672c\u5730 agentic workflow \u800c\u8a2d\u3002\n14B \u5462\u500b\u898f\u683c\u597d\u6709\u610f\u601d\uff1a\u5927\u904e Phi Silica\uff0c\u7d30\u904e Claude Sonnet 4.6 \u6216 GPT-5.5\u3002\u4f62\u4f54\u5497\u500b\u300clocal frontier\u300d\u5605\u4f4d\u2014\u2014\u5920\u52c1\u505a\u8907\u96dc agent \u4efb\u52d9\u898f\u5283\uff0c\u53c8\u5920\u7d30\u884c\u5230\u73fe\u4ee3 laptop GPU \u5514\u4f7f call cloud\u3002\nAion 1.0 Plan \u4fc2 Windows Agent Framework \u5605\u672c\u5730\u63a8\u7406\u5c64\uff0c\u593e\u57cb WAF + DirectML 2.0 \u5c31\u4fc2 Microsoft \u5605\u5b8c\u6574 on-device AI stack\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83c\udfe6 \u91d1\u878d\u6a5f\u69cb\n      \nMicrosoft \u76ee\u6a19 2029 \u5e74\u9020\u51fa\u53ef\u64f4\u5c55\u91cf\u5b50\u96fb\u8166\n      \n\nNadella \u55ba Build keynote \u58d3\u8ef8\u5ba3\u5e03 Majorana 2 \u7b2c\u4e8c\u4ee3\u91cf\u5b50\u8655\u7406\u5668\u3002Majorana 1 \u8b49\u660e\u4e86\u57fa\u790e\u7269\u7406\u53ef\u884c\uff0cMajorana 2 \u958b\u59cb\u505a\u5de5\u7a0b\u898f\u6a21\u5316\u3002Microsoft \u76ee\u6a19 2029 \u5e74\u524d\u4ea4\u4ed8\u53ef\u64f4\u5c55\u91cf\u5b50\u96fb\u8166\u3002\nMajorana \u7528 topological qubits\uff0c\u7406\u8ad6\u4e0a\u6bd4 IBM/Google \u5605 superconducting qubits \u66f4\u7a69\u5b9a\u66f4\u5c11 error\uff0c\u4f46\u5de5\u7a0b\u96e3\u5ea6\u9ad8\u597d\u591a\u3002Nadella \u63d0\u5230\u5605 1-microsecond operation time \u4fc2\u95dc\u9375\u2014\u2014\u5fae\u79d2\u7d1a\u5605\u91cf\u5b50\u9598\u64cd\u4f5c\u53ef\u4ee5\u55ba decoherence \u4e4b\u524d\u8dd1\u66f4\u8907\u96dc\u5605\u96fb\u8def\u3002\n\u5982\u679c 2029 \u5e74\u9054\u6a19\uff0cMicrosoft \u5605\u91cf\u5b50\u6642\u9593\u8868\u5c31\u5feb\u904e IBM\uff08\u76ee\u6a19 2033\uff09\u540c Google\uff08\u76ee\u6a19 2030 \u5e74\u4ee3\u521d\uff09\uff0c\u5c0d AI 
training \u540c optimization \u6709\u8b8a\u9769\u6027\u5f71\u97ff\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \u57fa\u790e\u6a21\u578b\n      \nMicrosoft\u3001AMD\u3001Broadcom\u3001Intel\u3001OpenAI\u3001NVIDIA \u806f\u624b\u9020\u958b\u653e\u6a19\u6e96\n      \n\nMicrosoft \u55ba Build 2026 \u5ba3\u5e03 Multipath Reliable Connection (MRC) \u5354\u8b70\uff0c\u540c AMD\u3001Broadcom\u3001Intel\u3001OpenAI\u3001NVIDIA \u4e00\u9f4a\u958b\u767c\u5605\u958b\u653e\u7db2\u7d61\u5354\u8b70\u3002MRC \u5c07 intelligence \u653e\u55ba network endpoints\uff0c\u7b49 AI workload \u53ef\u4ee5\u52d5\u614b\u7e5e\u904e\u7db2\u7d61\u6545\u969c\u3002\n\u5462\u500b\u554f\u984c\u597d\u73fe\u5be6\uff1a\u842c\u5f35 GPU \u5605 training job \u8dd1\u5497\u5e7e\u65e5\uff0c\u4e00\u500b\u7db2\u7d61\u6545\u969c\u5c31\u8981 restart\u3002MRC \u5605 endpoint intelligence \u53ef\u4ee5\u52d5\u614b\u7e5e\u9053\u7e7c\u7e8c\u884c\u3002\u8de8\u516c\u53f8\u5408\u4f5c\u610f\u5473 MRC \u4fc2 industry standard \u5b9a\u4f4d\u3002\n\u9810\u671f\u53ef\u4ee5\u6e1b\u5c11\u5927\u578b job \u56e0\u7db2\u7d61\u6545\u969c\u800c\u6d6a\u8cbb\u5605 compute \u7d04 15\u201325%\uff0c\u5c0d Azure \u5ba2\u6236\u4fc2\u597d\u5927\u5605\u6548\u7387\u63d0\u5347\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udde0 \u57fa\u790e\u6a21\u578b\n      \n\u908a\u500b AI \u6700\u53fb\u6349 Bug\uff1f\n      \n\nReddit r/ClaudeAI \u6709\u500b\u71b1\u9580 benchmark\uff1aGrok\u3001Claude Opus 4.8\u3001Claude Sonnet 4.6\u3001GPT-5.5\u3001Gemini 3.5 Flash \u5404\u81ea review \u540c\u4e00\u500b bug-seeded React app\uff0csenior dev panel blind \u8a55\u5206\u3002\n\u7d50\u679c\uff1aClaude Opus 4.8 \u6349 bug \u6700\u6e96\u5c24\u5176 security bug\u3002Sonnet 4.6 \u6392\u7b2c\u4e8c\u4f46 output \u5feb\u597d\u591a\uff0c\u6027\u50f9\u6bd4\u6700\u9ad8\u3002GPT-5.5 \u7b2c\u4e09\u3002Gemini 3.5 Flash \u7b2c\u56db\u4f46\u6700\u5feb\u3002Grok \u7b2c\u4e94\u4f46\u64c5\u9577 performance bottleneck\u3002\n\u540c formal benchmark \u500b pattern 
\u4e00\u81f4\uff1aOpus 4.8 \u9818\u5148 code quality\uff0cSonnet 4.6 \u6027\u50f9\u6bd4\u6700\u597d\uff0cGemini \u8d0f speed\u3002\n    \n  \n\n  \n\n    \n\n      \n\u2601\ufe0f \u57fa\u5efa\n      \n1 Petaflop AI \u7b97\u529b\uff0cNadella \u8a71\u81ea\u5df1\u90fd\u6392\u5514\u5230\u968a\n      \n\nMicrosoft \u767c\u5e03 Surface RTX Spark Dev Box \u2014 \u57fa\u65bc NVIDIA RTX \u5605\u958b\u767c\u5de5\u4f5c\u7ad9\uff0c1 petaflop AI compute \u52a0 20 \u500b CPU core\u3002Nadella \u958b\u73a9\u7b11\u8a71\u81ea\u5df1\u90fd\u6392\u5514\u5230 waitlist\u3002\n1 petaflop \u6bd4\u73fe\u6642\u9ad8\u968e RTX \u5de5\u4f5c\u7ad9\u5f37\u597d\u591a\uff0c\u8db3\u5920\u672c\u5730\u8dd1 full-scale agent workload \u505a\u958b\u767c\u6e2c\u8a66\u3002\u5b9a\u4f4d\u4fc2\u4ffe developer \u672c\u5730\u6e2c\u8a66 production-level \u63a8\u7406\u901f\u5ea6\u518d deploy \u4e0a Azure\u3002\n    \n  \n\n  \n\n    \n\n      \n\u2601\ufe0f \u57fa\u5efa\n      \nFrontier AI Model \u5c08\u70ba\u91ab\u7642\u800c\u8a2d\n      \n\nMayo Clinic CEO \u55ba Build 2026 \u5ba3\u5e03\u540c Microsoft \u5408\u4f5c\u958b\u767c\u300cfrontier model specifically for health\u300d\u2014 \u7528 Mayo Clinic \u5605\u81e8\u5e8a\u5c08\u696d\u540c\u91ab\u5b78\u77e5\u8b58\u8a13\u7df4\u5605\u5b9a\u5236 AI \u6a21\u578b\u3002\u76ee\u6a19\u4fc2\u5c07 Mayo Clinic \u5605\u670d\u52d9\u64f4\u5c55\u5230\u5168\u7403\u3002\n\u66ab\u6642\u672a\u6709\u5177\u9ad4\u6280\u8853\u7d30\u7bc0\u516c\u958b\uff0c\u4f46 Mayo Clinic \u4fc2\u5168\u7403\u6700\u9802\u5c16\u91ab\u7642\u6a5f\u69cb\uff0c\u5462\u500b partnership \u4fe1\u865f\u597d\u5f37\u3002\n    \n  \n\n  \n\n    \n\n      \n\u2601\ufe0f \u57fa\u5efa\n      \nAgent \u5c08\u7528\u4e92\u806f\u7db2\u667a\u80fd\u540c\u6578\u64da\u5eab\n      \n\nBuild 2026 \u6709\u5169\u500b infrastructure \u516c\u5e03\uff1aWeb IQ \u4ffe agent \u5b58\u53d6\u7d50\u69cb\u5316\u5be6\u6642\u516c\u958b\u7db2\u7d61\u8cc7\u8a0a\uff08\u80a1\u50f9\u3001\u6cd5\u898f\u66f4\u65b0\uff09\uff0c\u4fc2 verified 
structured data \u5514\u4fc2 raw HTML\u3002\nAzure HorizonDB \u4fc2\u5c08\u70ba agent \u800c\u5efa\u5605 Postgres \u64f4\u5c55\uff0c\u652f\u63f4 agent \u4e4b\u9593\u5171\u4eab\u72c0\u614b\u540c\u8de8 agent \u8a18\u61b6\u3002\n    \n  \n\n  \n\n    \n\n      \n\u2601\ufe0f \u57fa\u5efa\n      \nMicrosoft \u81ea\u5bb6\u6676\u7247\u5df2\u6295\u7522\n      \n\nNadella \u78ba\u8a8d Maia 200 \u5df2\u55ba Iowa \u540c Arizona \u6295\u7522\uff0c\u4e0b\u4e00\u7ad9 Italy\u3001Australia\u3001South Korea\u3002Maia 200 \u4fc2 Microsoft \u6a5f\u968a\u5165\u9762 tokens per dollar per watt \u6700\u9ad8\u5605\u6676\u7247\u3002\nCobalt 200 ARM \u8655\u7406\u5668\u5605\u65b0 VM \u800c\u5bb6 preview\uff0c\u5df2\u90e8\u7f72\u55ba\u8d85\u904e 10 \u500b\u5168\u7403 region\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83e\udd16 \u6846\u67b6\n      \n\u8de8\u6240\u6709 App \u5605 AI Agent\n      \n\nMicrosoft \u767c\u5e03 Scout\uff0c\u4e00\u500b\u4eca\u65e5\u5c31\u4ffe developer \u7528\u5605 AI agent\u3002\u4f62\u76e3\u63a7\u4f60\u6210\u500b desktop \u5605 context\uff0c\u7136\u5f8c\u63d0\u4f9b\u8de8\u61c9\u7528\u7a0b\u5f0f\u5605 context-aware \u5354\u52a9\u3002\n\u540c Copilot \u55ba\u500b\u5225 app \u5605\u6700\u5927\u5206\u5225\uff1aScout \u7406\u89e3\u4f60\u6210\u500b work session \u5605 cross-application \u4e0a\u4e0b\u6587\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \nCoding Models \u4fc2 AI \u9700\u6c42\u6700\u5927\u63a8\u52d5\u529b\n      \n\nCNBC \u8a2a\u554f Sam Altman \u55ba Stargate Michigan data center\u3002Altman \u8a71 Coding models \u4fc2 AI \u9700\u6c42\u6700\u5927\u63a8\u52d5\u529b\uff0cStargate \u5462\u500b\u5927\u8ced\u6ce8\u5c31\u4fc2\u57fa\u65bc coding model \u5605 adoption\u3002\nOracle co-CEO \u8a71 Michigan data center \u7e3d\u9020\u50f9 $46\u2013$56B \u2014 \u4eba\u985e\u53f2\u4e0a\u6700\u5927\u5605\u55ae\u4e00 AI \u57fa\u5efa\u9805\u76ee\u3002OpenAI \u4ef2\u6703\u5411 Michigan \u8d85\u904e 40 
\u842c\u540d\u5b78\u751f\u63d0\u4f9b $45M Codex credits\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \nAI \u9810\u6e2c\u7570\u898b\u4eba\u58eb\uff0c\u672a\u884c\u52d5\u5148\u6a19\u8a18\n      \n\nPolitical Wire \u5831\u5c0e Geedge Networks \u6b63\u5efa\u9020 AI \u7cfb\u7d71\uff0c\u7528\u884c\u70ba\u6578\u64da\u3001\u793e\u4ea4\u5a92\u9ad4\u6d3b\u52d5\u540c\u79fb\u52d5\u6578\u64da\u9810\u6e2c\u908a\u500b\u4eba\u53ef\u80fd\u6703\u6210\u70ba\u653f\u6cbb\u7570\u898b\u4eba\u58eb\uff0c\u55ba\u672a\u6709\u4efb\u4f55\u884c\u52d5\u4e4b\u524d\u5c31\u4ffe risk score\u3002\n\u5462\u500b\u4fc2 pre-crime \u5f0f predictive political profiling\uff0c\u540c Anthropic \u5605 Claude Mythos \u5f62\u6210\u5c16\u92b3\u5c0d\u6bd4\uff0c\u4fc2 AI \u96d9\u9762\u6027\u5605\u6700\u6e05\u695a\u4f8b\u8b49\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcbb \u958b\u767c\u8005\u5de5\u5177\n      \n\u591a\u6b65\u9a5f Hijacking \u6210\u4e3b\u6d41\n      \n\n\u6700\u65b0\u4f01\u696d\u7d1a\u6aa2\u6e2c\u6578\u64da\u986f\u793a 2026 \u5e74\u653b\u64ca\u65b9\u5f0f\u540c 2023 \u5e74\u5b8c\u5168\u5514\u540c\u30022023 \u5e74\u5605 direct override \u57fa\u672c\u4e0a\u6240\u6709\u751f\u7522\u7cfb\u7d71\u90fd\u64cb\u5f97\u4f4f\u3002\n2026 \u5e74\u4e3b\u6d41\u4fc2 multi-step hijacking\uff1a\u4e00\u7cfb\u5217\u770b\u4f3c\u7121\u5bb3\u5605 instruction \u5206\u6563\u55ba\u591a\u500b input\uff0c\u6bcf\u500b\u55ae\u7368\u7747\u5187\u554f\u984c\uff0c\u7d44\u5408\u57cb\u5c31 redirect \u5497 agent \u884c\u70ba\u3002\n\u9632\u79a6\u9700\u8981 behavioral monitoring across full agent session\u3002\u4e0a\u661f\u671f Sysdig CVE-2026-48710 \u5605 database exfiltration \u5c31\u4fc2\u5be6\u4f8b\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udd2c \u7814\u7a76\u8207\u8da8\u52e2\n      \nAI \u8a2d\u8a08\u5be6\u9a57\u3001\u5beb\u8ad6\u6587\u3001\u63d0\u4ea4 lab job\n      \n\nMicrosoft Discovery \u79d1\u7814 AI \u5e73\u53f0\u6b63\u5f0f GA\u3002VP David Carmona 
\u793a\u7bc4\u7528\u4f62\u6539\u5584\u5851\u81a0\u56de\u6536\u5316\u5b78 \u2014 \u7814\u7a76\u54e1 input prompt\uff0cDiscovery \u63d0\u8b70\u5be6\u9a57\u65b9\u6cd5\u3001\u5beb\u8ad6\u6587\u7d50\u69cb\u3001\u63d0\u4ea4 AI-generated lab job\u3002\n\u5514\u4fc2\u4e00\u6b21\u6027\u554f\u7b54\u5f15\u64ce\uff0c\u6709\u5572 output \u8981\u5e7e\u500b\u9418\u751a\u81f3\u5e7e\u65e5\uff0c\u56e0\u70ba iterative \u904b\u4f5c\u597d\u4f3c\u771f\u5be6\u79d1\u5b78\u904e\u7a0b\u3002GA \u610f\u5473 enterprise \u5ba2\u6236\u6709 active Azure agreement \u5c31\u7528\u5f97\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcca \u5e02\u5834\u8207\u8ca1\u7d93\n      \n\ud83d\udcca SpaceX + Anthropic + OpenAI IPOs \u53ef\u80fd\u70ba\u7f8e\u570b\u80a1\u5e02\u589e\u52a0 $4 \u842c\u5104\n      \n\nThe Economist \u5206\u6790\u6307 SpaceX\u3001Anthropic \u540c OpenAI \u4e09\u8005\u5982\u679c\u55ba 2026 \u5e74\u5b8c\u6210 IPO\uff0c\u53ef\u80fd\u70ba\u7f8e\u570b\u80a1\u5e02\u5e7e\u500b\u6708\u5167\u589e\u52a0 $4 \u842c\u5104\u5e02\u503c\u3002SpaceX \u4f30\u503c $1.75T\uff0cAnthropic \u7d04 $1\u20131.25T\uff0cOpenAI \u7d04 $852B\u2013$1T\u3002\n\u5462\u500b\u898f\u6a21\u5605 capital inflow \u9700\u8981 institutional investors \u8ce3\u51fa\u73fe\u6709\u6301\u5009\u53bb\u7c4c\u9322\uff0c\u53ef\u80fd\u5c0d broad market indices \u9020\u6210\u8ce3\u58d3\uff0c\u5c24\u5176\u4fc2 tech \u677f\u584a\u3002\n    \n  \n\n  \n\n    \n\n      \n\ud83d\udcf0 \u4f86\u6e90\uff1aBuild Fast with AI | Delivered: 2026-06-03 10:24 HKT\n    \n  \n  \n\n\n", "creation_timestamp": "2026-06-03T02:24:10.000000Z"}, {"uuid": "0242094a-dcfb-43ea-925f-e472b339f7d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-48710.yaml", "content": "", "creation_timestamp": "2026-06-02T16:25:22.000000Z"}, {"uuid": 
"2ad69334-63c9-42ff-95a1-023d35e87078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://bsky.app/profile/reallynotbob.bsky.social/post/3mnhotjkghp2v", "content": "MCP CVEs keep surfacing because stdio design merges config and command. Same flaw BadHost CVE-2026-48710 exploited. Each CVE patched individually. The systemic fix: a boundary layer treating every MCP call as potential command, not just context update.", "creation_timestamp": "2026-06-04T13:05:32.898971Z"},
{"uuid": "0fb2af36-255e-43e6-be65-b452492ad909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48710", "type": "seen", "source": "https://gist.github.com/alon710/cb3b1174ebf48e827d68142e3b30cd37", "content": "# CVE-2026-48710: Starlette BadHost HTTP Host-Header Path-Poisoning and Authentication Bypass\n\n> **CVSS Score:** 7.0\n> **Published:** 2026-06-04\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48710\n\n## Summary\nCVE-2026-48710 is a critical security-desynchronization vulnerability in the Starlette ASGI framework (versions >= 0.8.3, < 1.0.1) that allows remote attackers to bypass path-based security middleware and access-control decorators. By injecting URI authority-to-path delimiters into the Host header, attackers can manipulate the application-level parsed URL path while the underlying ASGI server dispatches the request to target endpoints.\n\n## TL;DR\nA validation flaw in Starlette's Host header parsing enables attackers to bypass security middleware checks. By adding characters like '?' or '#' to the Host header, the framework miscalculates the request path as '/' (public) while the router still executes the actual targeted administrative endpoint.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-1289\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0 Score**: 7.0 (High Severity)\n- **EPSS Score**: 0.00353 (0.35%)\n- **Impact**: Authentication and Authorization Bypass\n- **Exploit Status**: Proof-of-Concept (PoC) public, scanner code weaponized\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- Starlette ASGI framework (versions >= 0.8.3, < 1.0.1)\n- FastAPI applications using path-based security middleware\n- LiteLLM and vLLM infrastructures deployed on vulnerable Starlette versions\n- Model Context Protocol (MCP) server implementations running on Starlette\n- **Starlette**: >= 0.8.3, < 1.0.1 (Fixed in: `1.0.1`)\n- **FastAPI**: <= 0.115.x (Fixed in: `Dependent on Starlette 1.0.1`)\n\n## Mitigation\n\n- Upgrade Starlette to version 1.0.1 or higher to enforce strict Host header validation.\n- Modify custom middleware to reference request.scope['path'] instead of request.url.path to prevent path desynchronization.\n- Deploy an RFC-compliant reverse proxy (such as Nginx or Apache) that rejects invalid characters in the Host header.\n- Ensure ASGI application servers bind only to localhost and are not directly exposed to untrusted networks.\n\n**Remediation Steps:**\n1. Identify all deployments using Starlette by running 'pip show starlette' or auditing lock files.\n2. Update requirements.txt or poetry.lock to specify 'starlette>=1.0.1'.\n3. Rebuild and redeploy container images to ensure downstream packages (like FastAPI) use the updated Starlette version.\n4. Test custom security middleware with mock malformed Host headers to verify that access control checks cannot be bypassed.\n\n## References\n\n- [Official Starlette GitHub Advisory](https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr)\n- [Official Security Fix Commit](https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6)\n- [X41 D-Sec Lab Security Advisory](https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette)\n- [OSTIF Disclosure & Deep-Dive Warning](https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette)\n- [CVE Record (CVE.org)](https://www.cve.org/CVERecord?id=CVE-2026-48710)\n- [PyPA PYSEC Tracker](https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml)\n- [BadHost Exploit & Scanner Repository](https://github.com/Bhanunamikaze/BadHost-CVE-2026-48710-Exploit)\n- [Dedicated Threat Portal](https://badhost.org)\n- [SecWest Starlette Portal](https://www.secwest.net/starlette)\n- [Wiz Vulnerability Analysis Entry](https://www.wiz.io/vulnerability-database/cve/cve-2026-48710)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48710) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-04T13:40:58.000000Z"}]}