Aeon AI Risk Management
101 authorization vulnerabilities across 60 open-source projects. One research sprint.
In the week of July 7, 2026, Aeon's AI-driven, human-reviewed security engine found 4 Critical and 32 High findings. Every finding was privately disclosed with a specific code-level fix.
Questions this page answers
- What did Aeon Labs find in its July 2026 research sprint?
- Aeon Labs found 101 authorization vulnerabilities across 60 open-source AI and infrastructure projects, including 4 Critical and 32 High findings.
- What was the dominant vulnerability class?
- Broken access control accounted for 92 findings, or 91% of the sprint total. The recurring pattern was an odd-one-out route that omitted an ownership, tenant, authentication, or redaction control enforced by sibling routes.
- Does Aeon identify affected projects publicly?
- Not while findings remain unpatched or in coordinated-disclosure triage. The public page is aggregate-only and names a project only after its GitHub Security Advisory is public.
- How were findings disclosed?
- Every finding was reported privately through the maintainer's security channel with a specific code-level fix before public mention.
Headline metrics
101 findings across 60 projects in one week, including 4 Critical, 32 High, 6 Medium-High, 53 Medium, and 6 Low or Low-Med findings.
Vulnerability classes
Broken access control accounted for 92 findings, or 91%. Missing authentication accounted for 7, with one path traversal and one sensitive-data-exposure finding.
Project categories
Approximately 45 findings were in AI, LLM, RAG, agent tools, and MCP servers. Approximately 50 were in dev-infra, SaaS, productivity, and data platforms, with approximately 6 in other projects.
The recurring pattern
The odd-one-out was a route that resolved an object by id alone, skipped an owner check, omitted shared authentication middleware, or missed server-side redaction enforced by sibling routes.
Recommended fixes
Scope every object lookup to the caller's tenant or owner, apply authentication at the router, enforce sibling-route contracts with tests, and redact uniformly on the server.
Responsible disclosure
Every finding was reported privately through the maintainer's security channel with a specific fix. Aeon does not publish exploit details for unpatched issues, and these aggregate figures identify no unfixed vulnerability.
Contact Aeon
Book an AI Exposure Assessment or contact info@airiskmanagement.ca. Aeon AI Risk Management serves clients globally.