WordPress 7.0 Launches Amid Security Concerns Over AI Infrastructure

The launch of WordPress 7.0, dubbed "Armstrong," has been marred by significant security concerns regarding its new AI infrastructure, which poses a tempting target for hackers aiming to steal API keys. Released on May 20, 2026, the update intended to improve collaboration features but instead introduced several AI components without resolving existing vulnerabilities.

AI Infrastructure Overview

WordPress 7.0 represents the first integration of a dedicated AI substrate within the core system. This includes the WP AI Client, Connectors API, and a JavaScript version of the Abilities API from the previous version, 6.9. The WP AI Client serves as a provider-agnostic PHP API, allowing developers to simplify interactions with various AI models, including those from OpenAI and Anthropic, through a single interface. Instead of requiring separate integrations for different AI services, developers can now streamline their plugin development with this unified system.

The Connectors API acts as a credential management layer, enabling site administrators to handle API keys through a new settings interface. This feature aims to maintain vendor neutrality by allowing connections to multiple AI providers without embedding their code directly into the WordPress core. However, the implications of this feature have raised concerns among security experts.

Security Vulnerabilities Emerge

Shortly after the release, Oliver Sild, founder of the security firm Patchstack, spotlighted the risks linked to the new AI infrastructure. Sild warned that the combination of WordPress 7.0's AI capabilities and the platform's existing vulnerabilities presents a prime opportunity for attackers. Stolen API keys could lead to extensive misuse, such as running bot networks or conducting phishing attacks.

Sild remarked, "WordPress 7.0 combined with plugin vulnerabilities = free AI tokens. There will be an absolute rush by hackers to steal API keys." This warning is underscored by past incidents, including a vulnerability in the AI Engine plugin that permitted unauthorized access to sensitive tokens.

The potential for API key exploitation is exacerbated by reports that the new AI integration setup form does not adequately secure sensitive data, allowing browsers to autofill API keys in plain text. This oversight means that anyone with access to a shared computer or active browser session could potentially obtain those credentials.

Architectural Limitations

These security concerns are intensified by the architectural framework of WordPress itself. Developers have noted that once an attacker gains database access, they can exploit any stored secrets within the platform. This highlights the need for a more sophisticated permissions model to govern access to sensitive credentials.

While some community members, including Automattic's CEO Matt Mullenweg, argue that properly maintained WordPress sites are secure, the reality is that the median time to mass exploitation of high-impact vulnerabilities is alarmingly short—just five hours, according to Patchstack’s research.

Future Outlook

Although the AI infrastructure in WordPress 7.0 sets the stage for future enhancements, it is evident that this release serves as a foundation rather than a complete solution. The WP AI Client does not autonomously send data to AI providers; this requires explicit action from plugin code. The anticipated user-facing features will not be part of the core release but will rely on third-party plugins built atop this new infrastructure.

As WordPress enters this new phase, the immediate focus must be on addressing the security implications of its new features. Administrators should implement strict billing caps for API usage and regularly audit which plugins expose sensitive capabilities. The evolution of WordPress into a more agent-friendly environment is on the horizon, but it comes with an urgent need for improved security measures to safeguard users from emerging threats.