AI Sec Watch

n8n (a workflow automation tool) has a security flaw where authenticated users who can create or modify workflows could access uninitialized memory buffers (chunks of computer memory that haven't been cleared), potentially exposing sensitive data like secrets or tokens from previous requests in the same process. This vulnerability only affects systems where Task Runners are enabled and can be limited in external runner mode (where the runner operates in a separate, isolated process).

PadNet is a defense method designed to protect neural networks (AI models that learn patterns from data) against adversarial examples (specially crafted inputs that trick AI systems into making wrong predictions). The paper, published in an academic journal, presents techniques to make these AI systems more robust when facing such attacks.

Anthropic, an AI company, restricted how the military could use its AI models, leading the Trump administration to blacklist it as a supply-chain risk (a potential weak point in defense systems). Now, Democratic senators are proposing bills to legally enforce these restrictions, including requirements that humans make final decisions about life-and-death situations and limits on using AI for mass surveillance (automated monitoring of large populations) of Americans.

Mark Zuckerberg, Larry Ellison, Jensen Huang, and Sergey Brin have been named to the President's Council of Advisors on Science and Technology (PCAST), a new advisory panel that will provide input on AI policy and other technology matters to the U.S. President. The panel will start with 13 members but could expand to 24, and will be co-chaired by David Sacks and Michael Kratsios.

Two versions of LiteLLM (a Python library for working with multiple AI models), versions 1.82.7 and 1.82.8, were published with malware that steals user credentials (usernames, passwords, and authentication tokens). This is a critical security issue because anyone who installed these specific versions could have their sensitive login information compromised.

Connected autonomous vehicles (CAVs) use multiple types of sensors, like LiDAR (light-based radar that creates 3D maps) and cameras, to understand their surroundings, and combining information from both sensors improves accuracy. However, this sensor fusion process can leak private information and relies on a third party to generate random numbers, which could be compromised by attackers. Researchers propose MPOF, a model that uses secure computation protocols (mathematical methods that let systems calculate results without exposing raw data) and sacrificial verification (a technique that detects when a third party behaves maliciously) to protect privacy while defending against attacks from that third party.

Semi-supervised learning (SSL, a training method where models learn from both labeled and unlabeled data) is vulnerable to backdoor attacks, where attackers can corrupt model predictions by poisoning a small portion of training data with hidden triggers. This paper reveals that SSL backdoor attacks are particularly dangerous because they exploit the pseudo-labeling mechanism (the process where the model assigns labels to unlabeled data) to create stronger trigger-target correlations than in supervised learning. The researchers propose Backdoor Invalidator (BI), a defense framework using complementary learning, trigger mix-up, and dual domain filtering to obstruct and filter backdoor influences during both feature learning and data processing.

Deep neural networks (machine learning models with many layers that process information) are vulnerable to adversarial examples, which are inputs slightly modified to fool the AI into making wrong predictions. This paper proposes adding a redundant fully connected layer (a type of neural network component that connects all inputs to all outputs) with a special loss function to make these networks more robust against attacks while maintaining accuracy on normal inputs.

This research presents a new framework called Propose-Rectify that helps detect and locate image manipulations (alterations made to photos) by combining two approaches: first, a semantic reasoning stage uses a modified LLaVA model (a multimodal AI that understands both images and language) to identify suspicious regions, and second, a refinement stage uses specialized forensic analysis (technical methods that detect tampering traces) to validate and precisely locate the manipulated areas. The framework bridges the gap between AI understanding and forensic detection, achieving better accuracy than previous methods.