AI Sec Watch

PrivESD is a new system that allows machine learning classification (logistic regression, a technique for categorizing data) to work on encrypted streaming data (continuously flowing information that's been scrambled for privacy) while stored in the cloud. The system splits the computational work between cloud servers and edge devices (computers closer to where data originates) to reduce processing burden and privacy risks, and uses special encryption methods that still allow the system to compare values without revealing the actual data.

Hard sample mining (HSM, a technique for selecting the most difficult training examples to focus a model's learning) has emerged as a method to improve how efficiently deep neural networks (AI systems based on interconnected layers inspired by brain neurons) train and make them more robust to errors. This survey article reviews different HSM approaches and explains how they help address training inefficiency and data distribution biases (when training data doesn't represent real-world scenarios fairly) in deep learning.

This paper presents a new system for 3-D multiobject tracking (MOT, a technique where AI follows multiple objects moving through 3-D space) used in autonomous vehicles to improve safety. The system uses a voxel masking encoder (a method that processes 3-D space divided into small cubes, focusing on important features while ignoring empty space) and deep hashing (a technique that converts objects into compact numerical codes for fast comparison) to better track distant objects, partially hidden objects, and similar-looking objects. The method was tested on the KITTI dataset (a standard collection of driving videos used to evaluate autonomous vehicle systems) and showed better tracking accuracy than existing methods.

FedMPS is a federated learning (FL, a technique where multiple computers train an AI model together without sharing raw data) framework that addresses performance problems caused by data heterogeneity (differences in data across participants). Instead of exchanging full model parameters, FedMPS transmits only prototypes (representative feature patterns) and soft labels (probability-based output predictions), which reduces communication costs and improves how well models learn from each other.

Researchers created a method called UTE-SS (Unlearnable text examples generation via syntax-oriented shortcut) to protect text data from being used to train AI models without permission. The method adds small, hard-to-notice changes to text by altering its syntax (grammatical structure) so that language models learn misleading patterns instead of useful information, making the text data effectively useless for training.

Mastra (a TypeScript framework for building AI agents and assistants) versions 0.13.8 through 0.13.20-alpha.0 have a directory traversal vulnerability, which means an attacker can bypass security checks to list files and folders in any directory on a user's computer, potentially exposing sensitive information. The flaw exists because while the code tries to prevent path traversal (unauthorized access to files through manipulated file paths) for reading files, a separate part of the code that suggests directories can be exploited to work around this protection.

Cursor is a code editor designed for programming with AI help. Versions 1.6.23 and below have a security flaw where they use case-sensitive checks (checking uppercase and lowercase letters as different) to protect sensitive files, which allows attackers to use prompt injection (tricking the AI with hidden instructions) to modify these files and gain remote code execution (the ability to run commands on the victim's computer) on case-insensitive filesystems (systems that treat uppercase and lowercase letters the same).

Claude Code versions before 1.0.120 had a security flaw where it could bypass file access restrictions by following symlinks (shortcuts that point to other files). Even if a user blocked Claude Code from accessing a file, the tool could still read it if there was a symlink pointing to that blocked file.

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.7 and below where attackers can use prompt injection (tricking the AI by hiding instructions in its input) to modify sensitive configuration files and achieve remote code execution (RCE, where an attacker can run commands on a system they don't own). This vulnerability is especially dangerous on case-insensitive filesystems (systems that treat uppercase and lowercase letters as the same).