Microsoft's ambitious NLWeb protocol—touted as 'HTML for the Agentic Web'—suffered an embarrassing path traversal vulnerability weeks after launch, exposing API keys for core AI models like GPT-4. The flaw highlights critical security gaps in next-gen AI infrastructure as Microsoft pushes rapid adoption.