Aeon AI Risk Management

101 authorization vulnerabilities across 60 open-source projects. One research sprint.

In the week of July 7, 2026, Aeon's AI-driven, human-reviewed security engine found 4 Critical and 32 High findings. Every finding was privately disclosed with a specific code-level fix.

Questions this page answers

What did Aeon Labs find in its July 2026 research sprint?
Aeon Labs found 101 authorization vulnerabilities across 60 open-source AI and infrastructure projects, including 4 Critical and 32 High findings.
What was the dominant vulnerability class?
Broken access control accounted for 92 findings, or 91% of the sprint total. The recurring pattern was an odd-one-out route that omitted an ownership, tenant, authentication, or redaction control enforced by sibling routes.
Does Aeon identify affected projects publicly?
Not while findings remain unpatched or in coordinated-disclosure triage. The public page is aggregate-only and names a project only after its GitHub Security Advisory is public.
How were findings disclosed?
Every finding was reported privately through the maintainer's security channel with a specific code-level fix before public mention.

Headline metrics

101 findings across 60 projects in one week, including 4 Critical, 32 High, 6 Medium-High, 53 Medium, and 6 Low or Low-Med findings.

Vulnerability classes

Broken access control accounted for 92 findings, or 91%. Missing authentication accounted for 7, with one path traversal and one sensitive-data-exposure finding.

Project categories

Approximately 45 findings were in AI, LLM, RAG, agent tools, and MCP servers. Approximately 50 were in dev-infra, SaaS, productivity, and data platforms, with approximately 6 in other projects.

The recurring pattern

The odd-one-out was a route that resolved an object by id alone, skipped an owner check, omitted shared authentication middleware, or missed server-side redaction enforced by sibling routes.

Recommended fixes

Scope every object lookup to the caller's tenant or owner, apply authentication at the router, enforce sibling-route contracts with tests, and redact uniformly on the server.

Responsible disclosure

Every finding was reported privately through the maintainer's security channel with a specific fix. Aeon does not publish exploit details for unpatched issues, and these aggregate figures identify no unfixed vulnerability.

Contact Aeon

Book an AI Exposure Assessment or contact info@airiskmanagement.ca. Aeon AI Risk Management serves clients globally.