TheLibrarian.io Internal Cloud Environment Access via web_fetch Tool

Affected Vendor(s)

TheLibrarian.io

Affected Product(s)

TheLibrarian.io

Summary

The web_fetch tool is intended to accept a public URL and retrieve the contents. When asked to retrieve the contents from a private destination (such as http://localhost), the AI rightly refuses. Unfortunately, it can be easily tricked and subverted.

‍By providing encoded or non-obvious variations, the AI does not validate the input and proceeds to point its fetching client inward, thereby exposing internal information.

Timeline

Discovered on
October 8, 2025
Disclosed to Vendor on
October 10, 2025
Published on
December 17, 2025

Credit

Aaron Portnoy

Blog Post

TheLibrarian.io's AI Security Is Checked Out, and Their Disclosure Response Is Overdue

References

Start Securing Your AI Systems

See how Mindgard exposes and fixes exploitable AI risk across your AI agents and systems.

Book a Demo

Mindgard, the leading provider of AI security solutions, helps enterprises discover, assess, and defend their AI systems. Spun out from over a decade of AI security research at Lancaster University and headquartered in Boston and London, Mindgard combines AI red teaming with offensive security expertise and AI research to identify exploitable vulnerabilities in AI models, agents, and applications before attackers do.

AICPA SOC SOC 2 Type 2 Compliant
HomeAI Recon & DiscoveryAI Security and Safety AssessmentAI Runtime ProtectionAI Red TeamingOffensive AI SecurityCompare AI Security SolutionsAI Governance & ComplianceContact UsBook a Demo
DocsResourcesBlogDisclosuresCustomersAboutServicesCareersTerms & ConditionsPrivacy Policy