-- Recently, F5 released NGINX security advisory K000161131, disclosing a vulnerability related to the NGINX ngx_http_proxy_v2_module, tracked as CVE-2026-42926. According to the advisory, under specific configurations, when NGINX Open Source proxies HTTP/2 traffic, an attacker may be able to inject HTTP/2 frame headers and payload bytes into upstream connections, causing a desynchronization issue between NGINX and upstream HTTP/2 peers.
F5 rated the vulnerability as medium severity. The issue affects NGINX Open Source versions 1.29.4 to 1.30.0 and related versions.
What makes this disclosure particularly noteworthy is the acknowledgement section of the advisory, where F5 specifically mentioned AiPy, a Chinese AI Agent known as “Octopus Brother,” as well as AiPy team member Hcamael. Public information indicates that, with the assistance of AiPy, researchers successfully uncovered this HTTP/2 proxy injection vulnerability.
For outside observers, the significance of this case goes beyond the discovery of a single vulnerability. It sends a broader signal: Chinese AI Agents are beginning to enter the highly specialized, practice-intensive field of global infrastructure software security research.
NGINX Widely Supports Internet Services, Making Its Security Risks Globally Relevant
NGINX is one of the world’s most widely used web servers and reverse proxy software products. It has long supported a large number of websites, cloud service platforms, enterprise business systems, application gateways, and load balancing scenarios.
According to W3Techs data from May 2026, NGINX is used by approximately 32.4% of websites with known web servers. Among the world’s top one million websites, its usage rate reaches 28.7%. Netcraft’s March 2026 Web Server Survey also shows that nginx powers around 322 million websites, accounting for 22.58% of all sites. In terms of web-facing computers, nginx accounts for as much as 42.36%.
This means that the disclosure of vulnerabilities related to NGINX modules naturally carries global implications. Although CVE-2026-42926 can only be triggered under specific configuration conditions and does not mean that all NGINX deployments are affected, any security issue involving NGINX is enough to draw attention from enterprises, cloud service providers, and security researchers worldwide.
More importantly, an HTTP/2 proxy injection vulnerability is not something that can be easily discovered through ordinary scanning. It involves multiple technical layers, including protocol mechanisms, proxy forwarding logic, communication states between downstream and upstream systems, and abnormal data handling. Such a vulnerability places high demands on researchers’ understanding of protocols, vulnerability modeling, and verification capabilities.
The fact that AiPy was able to play a role in this process shows that the capability boundaries of AI Agents are expanding from general task execution to more complex and professional technical workflows.
Chinese AI Is Entering More Demanding Technical Frontlines
Public information shows that AiPy is an open-source AI Agent product launched by Chinese company Knownsec in April 2025. Built on the combination of large language models and the Python ecosystem, AiPy can transform natural language tasks into executable workflows. It is capable of task understanding, tool invocation, local execution, and result delivery.
AiPy’s role in this vulnerability discovery reflects Knownsec’s long-term investment in both AI and cybersecurity. As a Chinese company positioned as a “full-stack secure AI company,” Knownsec has long focused on cloud defense, security big data, AI security, agent-based applications, and vulnerability analysis capabilities.
During vulnerability research, researchers often need to repeatedly carry out tasks such as environment setup, asset assessment, protocol analysis, payload debugging, result verification, and log comparison. These steps require professional judgment, but they also involve a large amount of repetitive, structured, and tool-based work.
AiPy’s value lies in combining AI’s understanding capabilities with local execution capabilities. It can quickly understand the core requirements of vulnerability discovery, automatically coordinate various tools, and complete a series of operations such as asset assessment, vulnerability scanning, threat intelligence correlation, and payload debugging. In doing so, it turns what were once tedious manual processes into more efficient automated tasks.
From the perspective of technological evolution, this is not merely an improvement in product functionality. It means that AI is moving beyond content generation and entering critical technical processes such as software security, code auditing, protocol analysis, and vulnerability verification.
And this time, the AI Agent appearing in the acknowledgement section of an international vendor’s security advisory comes from China.
Infrastructure Software Security Is Becoming a New Scenario for AI Capability Expansion
In recent years, the boundaries of AI applications have continued to expand. Beyond text generation, image generation, knowledge-based Q&A, and office automation, AI is increasingly entering more specialized and engineering-oriented scenarios, including software development, security operations, code analysis, system operations and maintenance, and digital infrastructure governance.
Against this backdrop, AiPy’s participation in the discovery of an NGINX vulnerability is highly representative. It shows that Chinese AI companies are not only focusing on model parameters, user experience, and application scenarios, but are also trying to embed AI capabilities into deeper, more specialized, and more infrastructure-oriented technical processes.
Infrastructure software security has long been a critical part of the global technology system. Vulnerability discovery, code auditing, security governance, and software supply chain protection are directly related to the stable operation of enterprise services and internet infrastructure. Those who can continuously accumulate capabilities in these areas may play a more important role in the future digital infrastructure security system.
In the past, global security research collaboration was mainly driven by international vendors, open-source communities, security teams, and independent researchers. Today, the appearance of a Chinese AI Agent in the security advisory of F5, an international vendor, suggests that Chinese technological capabilities are participating in the global infrastructure software security ecosystem in a new way.
This does not mean that competition will replace collaboration. In fact, vulnerability disclosure, vendor remediation, and public acknowledgement are all important components of the global software security collaboration mechanism. The appearance of AiPy also provides a new observation point for this collaborative system: AI Agents are becoming important assistants for security researchers and are beginning to deliver value in real-world technical scenarios.
The next stage of AI Agents is moving deeper into technical frontlines. Chinese AI has already begun to appear in these frontlines.
Beijing Knownsec Information Technology Co., Ltd., founded in 2007, is a full-stack secure AI company. With AI at its core and security as its foundation, the company has built a comprehensive AI capability system covering AI data services, AI computing power, AI middleware gateways, AI security protection, and AI agent applications.
Knownsec provides customers with services including cybersecurity protection, AI security governance, intelligent operations, and office automation efficiency improvement, helping enterprises achieve secure and controllable development, cost reduction, efficiency enhancement, and intelligent transformation. The company is committed to making AI safer and security smarter.For business inquiries or further information, please contact us at aipy@knownsec.com
Contact Info:
Name: Zhou Chengcheng
Email: Send Email
Organization: Beijing Knownsec Information Technology Co. Ltd.
Website: https://www.knownsec.com/
Release ID: 89192454
If you encounter any issues, discrepancies, or concerns regarding the content provided in this press release that require attention or if there is a need for a press release takedown, we kindly request that you notify us without delay at error@releasecontact.com (it is important to note that this email is the authorized channel for such matters, sending multiple emails to multiple addresses does not necessarily help expedite your request). Our responsive team will be available round-the-clock to address your concerns within 8 hours and take necessary actions to rectify any identified issues or guide you through the removal process. Ensuring accurate and reliable information is fundamental to our mission.
