AI Sec Watch

FedMPS is a federated learning (FL, a technique where multiple computers train an AI model together without sharing raw data) framework that addresses performance problems caused by data heterogeneity (differences in data across participants). Instead of exchanging full model parameters, FedMPS transmits only prototypes (representative feature patterns) and soft labels (probability-based output predictions), which reduces communication costs and improves how well models learn from each other.

Researchers created a method called UTE-SS (Unlearnable text examples generation via syntax-oriented shortcut) to protect text data from being used to train AI models without permission. The method adds small, hard-to-notice changes to text by altering its syntax (grammatical structure) so that language models learn misleading patterns instead of useful information, making the text data effectively useless for training.

Mastra (a TypeScript framework for building AI agents and assistants) versions 0.13.8 through 0.13.20-alpha.0 have a directory traversal vulnerability, which means an attacker can bypass security checks to list files and folders in any directory on a user's computer, potentially exposing sensitive information. The flaw exists because while the code tries to prevent path traversal (unauthorized access to files through manipulated file paths) for reading files, a separate part of the code that suggests directories can be exploited to work around this protection.

Cursor is a code editor designed for programming with AI help. Versions 1.6.23 and below have a security flaw where they use case-sensitive checks (checking uppercase and lowercase letters as different) to protect sensitive files, which allows attackers to use prompt injection (tricking the AI with hidden instructions) to modify these files and gain remote code execution (the ability to run commands on the victim's computer) on case-insensitive filesystems (systems that treat uppercase and lowercase letters the same).

Claude Code versions before 1.0.120 had a security flaw where it could bypass file access restrictions by following symlinks (shortcuts that point to other files). Even if a user blocked Claude Code from accessing a file, the tool could still read it if there was a symlink pointing to that blocked file.

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.7 and below where attackers can use prompt injection (tricking the AI by hiding instructions in its input) to modify sensitive configuration files and achieve remote code execution (RCE, where an attacker can run commands on a system they don't own). This vulnerability is especially dangerous on case-insensitive filesystems (systems that treat uppercase and lowercase letters as the same).

Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions 1.7 and below where it automatically loads configuration files from project directories, which can be exploited by attackers. If a user runs Cursor's command-line tool (CLI) in a malicious repository, an attacker could use prompt injection (tricking the AI by hiding instructions in its input) combined with permissive settings to achieve remote code execution (the ability to run commands on the user's system without permission).

LlamaIndex released version 0.14.4 on September 24, 2025, with updates across multiple packages that integrate with different AI services and databases. Most updates fixed dependency issues with OpenAI libraries, while others added new features like support for Claude Sonnet 4.5 and structured outputs, and fixed bugs in areas like authorization headers and data fetching.

Cursor is a code editor that lets programmers work with AI assistance. In versions 1.7 and below, when using MCP (a system for connecting external tools to AI) with OAuth authentication (a login method), an attacker can trick Cursor into running malicious commands by pretending to be a trusted service, potentially giving them full control of the user's computer.