We mapped unauthenticated Vector DBs exposing corporate AI data

2•echelongraph•1h ago
We noticed a massive spike in misconfigured RAG pipelines leaving vector ports open to the public internet with zero auth. We built a live map pulling OSINT data to visualize the scale of the leak: https://echelongraph.io/ai-threat-map

It highlights why perimeter security is failing in the AI rush, and why we are building EchelonGraph to process telemetry with zero-knowledge encapsulation at the source. Happy to answer questions.

Comments

namanvyas•1h ago
This tracks with what I've been seeing. Milvus alone had two nasty CVEs recently: one was a full auth bypass on the proxy component, and the other was unauthenticated debug endpoints exposed on default ports with a predictable auth token. People are spinning up these vector DBs the same way they used to spin up Elasticsearch clusters in 2015: default configs, no auth, straight to the internet. We learned this lesson already and apparently forgot it.

echelongraph•1h ago
The 2015 Elasticsearch comparison is the same 'rush to prod' mistake, but with a much worse blast radius. With ES, an attacker still had to figure out your index structure, but with an open vector DB, they can just semantically query for 'production API keys' and the database hands them over. Those recent Milvus CVEs just prove that the perimeter always fails eventually via zero-days or bad configs, which is exactly why we are building EchelonGraph. You have to assume the infrastructure will get exposed at some point, so if you aren't using encapsulation at the source to make the actual payload mathematically useless to an attacker, it's really just a matter of time before it leaks.
