AI Sec Watch

AgentAPI (an HTTP interface for various AI coding assistants) versions 0.3.3 and below are vulnerable to a DNS rebinding attack (where an attacker tricks your browser into connecting to a malicious server that responds like your local machine), allowing unauthorized access to the /messages endpoint. This vulnerability can expose sensitive data stored locally, including API keys, file contents, and code the user was developing.

Deep neural networks (DNNs, machine learning models with many layers that learn patterns from data) are vulnerable to adversarial attacks, where small, carefully crafted changes to input data trick the AI into making wrong predictions, especially in critical areas like self-driving cars. This paper presents AI-Shielder, a method that intentionally embeds backdoors (hidden pathways that alter how the model behaves) into neural networks to detect and block adversarial attacks while keeping the AI's normal performance intact. Testing shows AI-Shielder reduces successful attacks from 91.8% to 3.8% with only minor slowdowns.

Healthcare organizations are collecting more patient data than ever, which creates privacy risks. This research proposes GFKMC (Generalization First k-Member Clustering), a new privacy method that protects patient identities by grouping similar records together while keeping the data useful for analysis, and it works better than older methods by losing less information when privacy protection is increased.

This research presents a method for detecting moving objects in encrypted video without decrypting it, protecting privacy when video processing is done in the cloud. The approach uses selective encryption (encrypting only certain parts of compressed video) and extracts motion information from encrypted video data, then applies deep learning with attention mechanisms (a technique that helps the AI focus on important regions) to identify moving objects even with incomplete information.

Machine unlearning (the process of removing a user's data from a trained AI model) needs verification to confirm that genuine user data was actually deleted, but current methods using backdoors (hidden triggers added to test if data is gone) can't properly verify removal of real user samples. This paper proposes SMS, or Self-Supervised Model Seeding, which embeds user-specific identifiers into the model's internal representation to directly link users' actual data with the model, enabling better verification that genuine samples were truly unlearned.

This paper presents ASGA, a method for creating adversarial attacks (small, crafted changes meant to trick AI models) on video action recognition systems (AI models that identify what actions people are performing in videos). The key innovation is that attackers can compute perturbations (the malicious changes) just once on important keyframes (selected frames that represent the video's content), then replicate these changes across the entire video, making the attack work even when the model samples frames differently and reducing computational cost.

This research studies federated learning (FL, a method where multiple devices collaboratively train an AI model without sending their data to a central server) on real IoT and edge devices (small computing devices like phones and sensors) rather than in simulated environments. The study examines how FL performs in realistic conditions, focusing on heterogeneous scenarios (situations where devices have different computing power, network speeds, and data types), and provides insights to help researchers and practitioners build more practical FL systems.

PyTorch version 2.7.0 has a vulnerability (CVE-2025-55560) that causes a Denial of Service (DoS, where a system becomes unavailable or unresponsive) when a model uses specific sparse tensor functions (torch.Tensor.to_sparse() and torch.Tensor.to_dense()) and is compiled by Inductor (PyTorch's code compilation tool). This issue stems from uncontrolled resource consumption, meaning the system uses up too many computing resources.

CVE-2025-55559 is a vulnerability in TensorFlow v2.18.0 where setting the padding parameter to 'valid' in tf.keras.layers.Conv2D (a layer used in neural networks for image processing) causes a Denial of Service (DoS, where a system becomes unavailable to users). The vulnerability is classified as uncontrolled resource consumption, meaning the system uses up resources like memory or CPU in an uncontrolled way.