AI Sec Watch

This research paper proposes FedNK-RF, an algorithm for federated learning (a decentralized approach where multiple parties train AI models together while keeping their data private) that handles heterogeneous data (data that differs significantly across different sources). The algorithm uses random features and Nyström approximation (a mathematical technique that reduces computational errors) to improve accuracy while maintaining privacy protection, and the authors prove it achieves optimal performance rates.

Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.6 and below where Mermaid (a tool for rendering diagrams) can embed images that get displayed in the chat box. An attacker can exploit this through prompt injection (tricking the AI by hiding instructions in its input) to send sensitive information to an attacker-controlled server, or a malicious AI model might trigger this automatically.

Claude Code (an AI tool that writes and runs code automatically) had a security flaw in versions before 1.0.111 where it could execute code from a project before the user confirmed they trusted the project. An attacker could exploit this by tricking a user into opening a malicious project directory.

Federated learning schemes (systems where multiple parties train AI models together while keeping data private) that use two servers for privacy protection were found to leak user data when facing model poisoning attacks (where malicious users deliberately corrupt the learning process). The researchers propose an enhanced framework called PBFL that uses Byzantine-robust aggregation (a method to safely combine data from untrusted sources), normalization checks, similarity measurements, and trapdoor fully homomorphic encryption (a technique for doing calculations on encrypted data without decrypting it) to protect privacy while defending against poisoning attacks.

This research proposes a data aggregation framework (a system for combining data from multiple sources) that evaluates how trustworthy different data sources are using dynamic Bayesian networks (a model that updates trust scores based on changing network behavior over time). The framework combines trust measurement with the minimum spanning tree protocol (an algorithm for efficient data routing) to improve how data centers process large amounts of information, achieving significant reductions in computational, communication, and storage costs.

This research presents a new method for performing topological data analysis (TDA, a technique that finds shape-based patterns in complex data) on encrypted information using homomorphic encryption (HE, a type of encryption that lets computers process data without decrypting it first). The authors adapted a fundamental TDA algorithm called boundary matrix reduction to work with encrypted data, proved it works correctly mathematically, and tested it using the OpenFHE framework to show it functions properly on real encrypted data.

This paper addresses the lack of technical tools for regulating high-risk AI systems by proposing SFAIR (Secure Framework for AI Regulation), a system that automatically tests whether an AI meets regulatory standards. The framework uses a temporal self-replacement test (similar to certification exams for human operators) to measure an AI's operational qualification score, and protects itself using encryption, randomization, and real-time monitoring to prevent tampering.

This paper presents M²VT, a new AI defense system that uses multiview-multitask learning (processing multiple sets of features at once to perform several related tasks) to detect and classify cyberattacks on IoT devices (connected smart devices and systems). The system achieves over 96% accuracy by using autoencoders (neural networks that compress and extract important patterns from data) and LSTM networks (a type of AI that understands sequences over time) to simultaneously detect attacks, categorize them, and classify their types.

Many companies find it difficult to scale AI systems (machine learning models that learn patterns from data) globally because these systems make existing technology management problems worse and introduce new challenges. Based on a study of how industrial company Siemens AG handles this, the source identifies five critical risks in managing AI technology and offers recommendations for successfully deploying AI systems across an entire organization.