
#91 - January security roundup: CVSS 10 in n8n, self-hosted AI scares, and nonstop patching
From The DevSecOps Talks Podcast by Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin
February 4, 2026 · 44 min · Episode 91
About this episode
The episode discusses a CVSS 10 vulnerability in n8n, risks associated with self-hosted AI assistants, and best practices for securing API keys and other sensitive data.
We kick off with a CVSS 10 in n8n, then look at self-hosted AI assistants with weak defaults and prompt injection risks. Are your API keys, inbox, and drives safe if a bot is open to the web? What should you rotate, patch, and hide behind a VPN? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.DevSecOps Talks podcast LinkedIn pageDevSecOps Talks podcast websiteDevSecOps Talks podcast YouTube channel
People in this episode
Hosts: Mattias Hemmingsson, Julien Bisconti, Andrey Devyatkin
Topics covered
- security
- AI
- patching
- CVSS
- API keys
- self-hosted
Keywords
- CVSS 10
- n8n
- self-hosted AI
- prompt injection
- API keys
- security
- patching
Mentioned in this episode
Organizations: DevSecOps Talks
Products: n8n
More episodes of The DevSecOps Talks Podcast
- #102 - The 90-Day Patch Window Is Dead With Ian Amit And Matias Madou · June 5, 2026 · 51 min
- #101 - Infrastructure as Code in 2026: Still Essential or Already Changing? · June 4, 2026 · 38 min
- #100 - 100 Episodes Later: What Still Matters in DevSecOps · May 7, 2026 · 41 min
- #99 - AI SRE and the End of 3 AM On-Call · April 28, 2026 · 48 min
- #98 - Beyond AI SRE · April 21, 2026 · 37 min
- #97 - Shift Left, Get Hacked: Supply Chain Attacks Hit Devs · April 15, 2026 · 36 min
Explore listener stats, chart rankings, contacts and more on the The DevSecOps Talks Podcast podcast page.