TheLibrarian.io Internal Cloud Environment Access via web_fetch Tool

Affected Vendor(s)

TheLibrarian.io

Affected Product(s)

TheLibrarian.io

Summary

The web_fetch tool is intended to accept a public URL and retrieve the contents. When asked to retrieve the contents from a private destination (such as http://localhost), the AI rightly refuses. Unfortunately, it can be easily tricked and subverted.

‍By providing encoded or non-obvious variations, the AI does not validate the input and proceeds to point its fetching client inward, thereby exposing internal information.

Timeline

Discovered on
October 8, 2025
Disclosed to Vendor on
October 10, 2025
Published on
December 17, 2025

Credit

Aaron Portnoy

Blog Post

TheLibrarian.io's AI Security Is Checked Out, and Their Disclosure Response Is Overdue

References

Learn how Mindgard can help you navigate AI Security

Take the first step towards securing your AI. Book a demo now and we'll reach out to you.

Book a Demo
Protect your AI with Mindgard

Mindgard, the leading provider of Artificial Intelligence security solutions, helps enterprises secure their AI models, agents, and systems across the entire lifecycle. Mindgard’s solution uncovers shadow AI, conducts automated AI red teaming by emulating adversaries, and delivers runtime protection against attacks like prompt injection and agentic manipulation. Trusted by leading organizations in finance, healthcare, and technology, Mindgard is backed by investors including .406 Ventures, IQ Capital, Atlantic Bridge, and Lakestar.

©️ 2025 Mindgard limited
All rights Reserved