Hackers could have accessed OpenAI, Gemini API keys

Earlier this year, Microsoft rolled out NLWeb—a protocol designed to make web and app searches smarter with AI.
But researchers Aonan Guan and Lei Wang soon found a serious bug: hackers could grab sensitive files, including API keys for OpenAI and Gemini, which power popular AI models like GPT-4.
This meant someone could hijack AI agents or even rack up huge bills.

Microsoft fixed the flaw on July 1

Microsoft fixed the flaw on July 1, 2025, but they're urging everyone using NLWeb to update ASAP.
Even though Microsoft itself wasn't at risk, this incident is a reminder that old-school security issues can still trip up fancy new AI tools.
If you're into tech—or just use Windows—this shows why keeping your software updated really matters.