#91 - January security roundup: CVSS 10 in n8n, self-hosted AI scares, and nonstop patching

#91 - January security roundup: CVSS 10 in n8n, self-hosted AI scares, and nonstop patching

From The DevSecOps Talks Podcast by Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin

February 4, 2026 · 44 min · Episode 91

About this episode

The episode discusses a CVSS 10 vulnerability in n8n, risks associated with self-hosted AI assistants, and best practices for securing API keys and other sensitive data.

We kick off with a CVSS 10 in n8n, then look at self-hosted AI assistants with weak defaults and prompt injection risks. Are your API keys, inbox, and drives safe if a bot is open to the web? What should you rotate, patch, and hide behind a VPN? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.DevSecOps Talks podcast LinkedIn pageDevSecOps Talks podcast websiteDevSecOps Talks podcast YouTube channel

People in this episode

Hosts: Mattias Hemmingsson, Julien Bisconti, Andrey Devyatkin

Topics covered

  • security
  • AI
  • patching
  • CVSS
  • API keys
  • self-hosted

Keywords

  • CVSS 10
  • n8n
  • self-hosted AI
  • prompt injection
  • API keys
  • security
  • patching

Mentioned in this episode

Organizations: DevSecOps Talks

Products: n8n

More episodes of The DevSecOps Talks Podcast

Explore listener stats, chart rankings, contacts and more on the The DevSecOps Talks Podcast podcast page.