AI Sec Watch

OpenAI abruptly shut down Sora, its AI video generator tool (software that creates realistic videos from text descriptions), just six months after launching it as a standalone app in 2024. The company announced the closure on social media, thanking users who created and shared videos with the platform.

OpenAI shut down its Sora app, a tool that let users generate short videos (create videos from text descriptions) and remix videos from other users, just six months after launching it despite reaching one million downloads. The company is cutting costs to justify its $730 billion valuation and focus on high-productivity business uses, particularly competing in the enterprise (business) market rather than consumer applications.

CVE-2026-24158 is a vulnerability in NVIDIA Triton Inference Server's HTTP endpoint that allows attackers to cause a denial of service (temporarily making a service unavailable) by sending a large compressed payload. The vulnerability stems from improper memory allocation (CWE-789, where a system reserves too much memory based on untrusted input).

NVIDIA Model Optimizer for Windows and Linux has a vulnerability in its ONNX quantization feature (a technique that makes AI models smaller and faster by reducing precision) where unsafe deserialization (unsafely converting data from a file into program objects) can occur when a user provides a specially crafted input file. A successful attack could allow an attacker to execute code, gain higher privileges, change data, or steal information.

NVIDIA Triton Inference Server has a vulnerability (CVE-2025-33254) where an attacker can corrupt internal state, a condition that occurs when data becomes inconsistent or broken, potentially causing a denial of service (making a service unavailable to legitimate users). The vulnerability is caused by a race condition (a bug that happens when multiple processes access shared data at the same time without proper coordination).

NVIDIA APEX for Linux has a vulnerability where attackers can deserialize untrusted data (process data from untrusted sources, potentially running malicious code hidden in that data), affecting PyTorch versions earlier than 2.6. A successful attack could allow code execution, denial of service (making a system unavailable), privilege escalation (gaining higher access levels), data tampering, and information disclosure.

CVE-2025-33238 is a vulnerability in NVIDIA Triton Inference Server's Sagemaker HTTP server that allows an attacker to trigger an exception, potentially causing a denial of service (DoS, where a system becomes unavailable to legitimate users). The underlying issue involves a race condition (a timing flaw when multiple processes access shared resources without proper protection).

Baltimore has become the first major U.S. city to sue Elon Musk's xAI over its Grok image generator, which can create deepfakes (AI-manipulated videos or images that realistically fake someone's appearance or actions) of non-consensual sexual content involving women and children. The lawsuit claims xAI violated consumer protection laws by marketing Grok and X as safe while allowing mass creation of non-consenting intimate images (sexually explicit content created without permission) and child sexual abuse material. Baltimore is asking the court to force xAI to stop targeting its residents, redesign its platforms to prevent exploitation, and change its marketing practices.

Anthropic, an AI company, is suing the US Department of Defense in federal court to challenge a ban on government use of its Claude AI chatbot after the company refused to allow the technology to be used in autonomous weapons systems (machines that can make lethal decisions without human control) and mass surveillance. The Defense Secretary declared Anthropic a supply chain risk (a company considered unsafe to do business with), which the company argues will cause massive financial and business harm.