aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6344 items

GHSA-q29p-9pfr-j652: libcrux-sha3: Incorrect output from SHAKE squeeze functions

high vulnerability
security
Mar 26, 2026

A bug in libcrux-sha3's SHAKE squeeze functions (the incremental operations that extract output from the Keccak sponge) caused them to skip the first output block whenever a single call requested more than one rate block: more than 168 bytes for SHAKE128 or 136 bytes for SHAKE256. Callers received incorrect, incomplete output in which the stream began at the second block. The bug did not affect libcrux-ml-kem or libcrux-ml-dsa, which build on the same library.

Fix: Starting from version 0.0.8, the squeeze functions output all blocks, including the first.

GitHub Advisory Database
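The advisory describes a bug that only appears when one squeeze call crosses a rate boundary, which is exactly the case a unit test that squeezes one block at a time never exercises. The following added example (not libcrux code) shows the regression check a practitioner would want: squeeze in several chunk patterns around the 168- and 136-byte rates and compare the concatenation against hashlib's one-shot output. ToySqueezer is a constructed stand-in for an incremental squeeze API; its skip_first_block flag mimics the reported bug class so the check can be seen catching it.

```python
import hashlib
from typing import Callable, List, Tuple

# Rate (bytes per Keccak permutation) of each XOF, from FIPS 202. A squeeze call
# that asks for more than one rate block must emit block 0 before permuting.
RATE = {"shake_128": 168, "shake_256": 136}


def one_shot(name: str, msg: bytes, n: int) -> bytes:
    """Reference output: hashlib's one-shot XOF."""
    return getattr(hashlib, name)(msg).digest(n)


class ToySqueezer:
    """Constructed stand-in for an incremental squeeze API (not libcrux code).

    It slices the reference stream, so the only logic under test is the block
    bookkeeping. With skip_first_block=True it mimics the reported bug class:
    a multi-block squeeze that starts at block 1 instead of block 0."""

    def __init__(self, name: str, msg: bytes, skip_first_block: bool = False):
        self.name, self.msg = name, msg
        self.rate = RATE[name]
        self.offset = 0                       # bytes already squeezed
        self.skip_first_block = skip_first_block

    def squeeze(self, n: int) -> bytes:
        start = self.offset
        if self.skip_first_block and n > self.rate:
            start += self.rate                # bug: first block of this call is dropped
        out = one_shot(self.name, self.msg, start + n)[start:start + n]
        self.offset += n
        return out


def buggy_squeezer(name: str, msg: bytes) -> ToySqueezer:
    return ToySqueezer(name, msg, skip_first_block=True)


def boundary_patterns(rate: int) -> List[Tuple[int, ...]]:
    """Chunk sequences around the rate: the lengths a regression test must cover."""
    return [(rate - 1,), (rate,), (rate + 1,), (2 * rate,), (2 * rate + 1,),
            (rate, rate), (1, rate), (rate + 1, 7), (5, 2 * rate)]


def failing_patterns(make: Callable[[str, bytes], ToySqueezer],
                     name: str, msg: bytes) -> List[Tuple[int, ...]]:
    """Squeeze msg chunk by chunk for every boundary pattern and compare the
    concatenation with one-shot output; return the patterns that disagree."""
    failures = []
    for pattern in boundary_patterns(RATE[name]):
        sq = make(name, msg)
        got = b"".join(sq.squeeze(n) for n in pattern)
        if got != one_shot(name, msg, sum(pattern)):
            failures.append(pattern)
    return failures


if __name__ == "__main__":
    sample = b"constructed sample input"      # constructed, any message works
    print("buggy  :", failing_patterns(buggy_squeezer, "shake_128", sample))
    print("correct:", failing_patterns(ToySqueezer, "shake_128", sample))
```

Note which patterns the buggy squeezer passes: (168,) and (168, 168) both agree with the reference, because no single call ever asks for more than one block. A test suite that only squeezes rate-sized chunks would have shipped this bug; the patterns with rate + 1 and 2 * rate are the ones that matter.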

GHSA-xrf2-5r3p-5wgj: libcrux: Panic in Signature Hint Decoding During Verification

high vulnerability
security
Mar 26, 2026

libcrux's implementation of ML-DSA (the NIST post-quantum digital signature standard, FIPS 204) had a bug in hint decoding during signature verification: the decoder did not check that the cumulative hint counter for the last row stayed within bounds. A crafted signature could therefore drive the decoder past the end of the hint buffer; Rust's bounds check turns that out-of-bounds index into a runtime panic, crashing the verifying process.

Fix: Starting from version 0.0.8, hint decoding checks the cumulative hint counter of the last row as well.

GitHub Advisory Database
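To make the missing check concrete, here is an added example (not libcrux code) of the FIPS 204 hint packing and unpacking algorithms (HintBitPack and HintBitUnpack) in Python, with ML-DSA-44 parameters (k = 4 rows, omega = 80). The check_last_row flag reproduces the bug class from the advisory: when the counter bound is not enforced for the final row, a crafted counter pushes the position loop past the end of the byte string. In Rust that is a panic; here it surfaces as an IndexError. The crafted input is constructed for this example and keeps every earlier check satisfied so that only the last-row bound can stop the decoder.

```python
from typing import List, Optional

# Parameters from FIPS 204 Table 1: k hint rows, at most omega set hint bits in total.
ML_DSA_44 = {"k": 4, "omega": 80}


def hint_bit_pack(h: List[List[int]], k: int, omega: int) -> bytes:
    """FIPS 204 Algorithm 20 (HintBitPack): positions of set bits, row by row,
    followed by k cumulative counters."""
    y = bytearray(omega + k)
    index = 0
    for i in range(k):
        for j in range(256):
            if h[i][j]:
                y[index] = j
                index += 1
        y[omega + i] = index                   # cumulative count after row i
    return bytes(y)


def hint_bit_unpack(y: bytes, k: int, omega: int,
                    check_last_row: bool = True) -> Optional[List[List[int]]]:
    """FIPS 204 Algorithm 21 (HintBitUnpack). Returns k rows of 256 bits, or None
    for malformed input. check_last_row=False reproduces the advisory's bug class:
    the counter bound is skipped for row k-1, so a crafted counter drives the
    position loop past the end of y (out-of-bounds index: a panic in Rust)."""
    if len(y) != omega + k:
        return None
    h = [[0] * 256 for _ in range(k)]
    index = 0
    for i in range(k):
        count = y[omega + i]
        if (check_last_row or i < k - 1) and (count < index or count > omega):
            return None                        # counter must be monotone and <= omega
        first = index
        while index < count:
            if index > first and y[index - 1] >= y[index]:
                return None                    # positions within a row must strictly increase
            h[i][y[index]] = 1                 # y[index] is a byte, so h is never over-indexed
            index += 1
    if any(b for b in y[index:omega]):
        return None                            # unused position bytes must be zero
    return h


def crafted_hint_bytes(k: int, omega: int) -> bytes:
    """Constructed malformed input: rows 0..k-2 are valid and consume all omega
    positions with strictly increasing bytes; the last row's counter is 255."""
    y = bytearray(omega + k)
    n0 = omega - (k - 2)                       # row 0 takes positions 0..n0-1
    for j in range(n0):
        y[j] = j
    for i in range(k - 1):
        y[omega + i] = n0 + i                  # rows 1..k-2 take one position each
    y[omega + k - 1] = 255                     # > omega: the value the fix rejects
    return bytes(y)


def decode_outcome(y: bytes, k: int, omega: int, check_last_row: bool = True) -> str:
    """'ok', 'rejected', or 'panic' (the Python equivalent of Rust's bounds-check panic)."""
    try:
        return "rejected" if hint_bit_unpack(y, k, omega, check_last_row) is None else "ok"
    except IndexError:
        return "panic"


if __name__ == "__main__":
    k, omega = ML_DSA_44["k"], ML_DSA_44["omega"]
    bad = crafted_hint_bytes(k, omega)
    print("with last-row check   :", decode_outcome(bad, k, omega))
    print("without last-row check:", decode_outcome(bad, k, omega, check_last_row=False))
```

The crafted bytes pass the monotonicity check for rows 0 to 2 and then hand row 3 a counter of 255. With the check in place the decoder returns None and verification fails cleanly; without it, the loop walks through the counter bytes and off the end of the buffer. A verifier should reject, never crash, on attacker-supplied signatures.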

GHSA-98c2-4cr3-4jc3: n8n has SQL Injection in Data Table Node via orderByColumn Expression

high vulnerability
security
Mar 26, 2026
CVE-2026-33713

n8n, a workflow automation tool, has a SQL injection vulnerability in its Data Table Get node: the `orderByColumn` parameter, which selects the sort column, can be set to an expression, and an authenticated user who controls that expression can alter the database query. On PostgreSQL backends the injected SQL can modify or delete data; on the default SQLite backend the impact is more limited.

Fix: The issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later. As temporary workarounds if upgrading is not immediately possible: limit workflow creation and editing permissions to fully trusted users only, disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable, or review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.

GitHub Advisory Database
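ORDER BY is a classic injection sink because a sort column is an identifier, and bind parameters carry values, not identifiers. The added example below (constructed for this page, not n8n's code or schema) shows the vulnerable shape beside the hardened one against an in-memory SQLite database: the vulnerable path splices the caller's "column" into the statement, and a single CASE expression in that slot turns the sort order into an oracle that leaks a value from an unrelated table one character at a time. The hardened path allowlists the identifier against the table's real columns and quotes it. The table names, rows, and secret are made up; the parameter name follows the advisory's orderByColumn.

```python
import sqlite3
from typing import List


def make_sample_db() -> sqlite3.Connection:
    """Constructed sample schema and rows; not n8n's data table layout."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE data_table (id INTEGER PRIMARY KEY, name TEXT, score INTEGER);
        INSERT INTO data_table VALUES (1, 'alpha', 30), (2, 'bravo', 10), (3, 'charlie', 20);
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO api_keys VALUES (1, 'sk-live-7');
    """)
    return conn


def get_rows_vulnerable(conn: sqlite3.Connection, order_by_column: str) -> List[int]:
    """Splices the caller-supplied sort column straight into the statement.
    Anything that parses as an SQL expression is accepted."""
    sql = f"SELECT id FROM data_table ORDER BY {order_by_column}"
    return [row[0] for row in conn.execute(sql)]


def oracle_payload(guess: str) -> str:
    """Attacker-controlled 'column': the sort direction now depends on whether
    guess is a prefix of a value in an unrelated table. No error is raised,
    so the secret leaks through row order alone, one character per query."""
    return (f"(CASE WHEN (SELECT substr(secret, 1, {len(guess)}) FROM api_keys) = '{guess}' "
            f"THEN score ELSE -score END)")


def get_rows_safe(conn: sqlite3.Connection, order_by_column: str) -> List[int]:
    """Validates the identifier against the table's actual columns, then quotes it.
    Bind parameters cannot stand in for identifiers, so an allowlist is the control."""
    columns = {row[1] for row in conn.execute("PRAGMA table_info(data_table)")}
    if order_by_column not in columns:
        raise ValueError(f"orderByColumn must be one of {sorted(columns)}, got {order_by_column!r}")
    quoted = '"' + order_by_column.replace('"', '""') + '"'
    return [row[0] for row in conn.execute(f"SELECT id FROM data_table ORDER BY {quoted}")]


def sort_column_accepted(conn: sqlite3.Connection, order_by_column: str) -> bool:
    """True if the hardened path accepts the identifier."""
    try:
        get_rows_safe(conn, order_by_column)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    conn = make_sample_db()
    print("honest column      :", get_rows_vulnerable(conn, "score"))
    print("right guess 'sk-'  :", get_rows_vulnerable(conn, oracle_payload("sk-")))
    print("wrong guess 'zz'   :", get_rows_vulnerable(conn, oracle_payload("zz")))
    print("hardened, payload  :", sort_column_accepted(conn, oracle_payload("sk-")))
```

Even on SQLite, where sqlite3 refuses stacked statements and the advisory rates the impact lower, the ordering oracle shows that "limited" does not mean harmless. The same allowlist check is what the workaround of auditing `orderByColumn` expressions for user-supplied input is standing in for until the upgrade.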

GHSA-mxrg-77hm-89hv: n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE

critical vulnerability
security
Mar 26, 2026
CVE-2026-33696

A prototype pollution vulnerability (a JavaScript bug class in which attacker-controlled property names reach Object.prototype and change the behaviour of every object in the runtime) in the parameter handling of n8n's XML and GSuiteAdmin nodes allows authenticated users to execute arbitrary code on the n8n server by crafting malicious workflow parameters. An attacker with permission to create or modify workflows could use this to take over the entire n8n instance.

Fix: The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can: (1) limit workflow creation and editing permissions to fully trusted users only, or (2) disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.

GitHub Advisory Database

datasette-llm 0.1a2

info news
industry
Mar 26, 2026

A brief release announcement for datasette-llm version 0.1a2, posted by Simon Willison on March 26, 2026. It appears alongside his monthly LLM (large language model) briefing, with a sponsorship offer for readers who want curated summaries of important AI news.

Simon Willison's Weblog

Gemini 3.1 Flash Live: Making audio AI more natural and reliable

info news
industry
Mar 26, 2026

Google has released Gemini 3.1 Flash Live, an audio model that makes voice conversations with AI sound more natural and reliable by interpreting tone better and responding faster. Developers can use it through the Gemini Live API to build voice agents for complex tasks; end users get it through Search Live and Gemini Live in more than 200 countries. Its output carries audio watermarking (a hidden marker embedded in the audio to verify its source) to help counter misinformation.

DeepMind Safety Research

Wikipedia bans AI-generated articles

info news
policy
Mar 26, 2026

Wikipedia has banned editors from using AI to write or rewrite articles, citing violations of the site's content policies. Limited AI use remains allowed for specific tasks such as suggesting copyedits (small fixes to grammar and style) and translating articles between language editions.

The Verge (AI)

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs

info news
security, research
Mar 26, 2026

AI models frequently err or hallucinate (generate false or inaccurate information) when recommending which software versions to use, how to upgrade systems, or which security fixes to apply. Acting on those recommendations accumulates technical debt (the future cost of shortcuts and poor decisions) and can lead developers to overlook real security bugs or choose problematic upgrade paths.

Dark Reading

Conntour raises $7M from General Catalyst, YC to build an AI search engine for security video systems

info news
industry
Mar 26, 2026

Conntour is an AI-powered video search platform that uses vision-language models (models trained to understand both images and text) so that security personnel can search surveillance footage with natural-language queries, much as they would search the web. The startup raised $7 million and says it stands out by scaling efficiently to thousands of camera feeds while running on standard consumer hardware such as Nvidia GPUs. The founders emphasize being selective about which clients they work with, on ethical and legal grounds.

TechCrunch (Security)

Using a VPN May Subject You to NSA Spying

info news
policy
Mar 26, 2026

Democratic lawmakers have asked the U.S. intelligence chief to clarify whether Americans who use commercial VPN services (which route internet traffic through remote servers and so mask a user's location) risk losing constitutional privacy protections. The concern is that intelligence agencies apply a default presumption that communications of unknown origin are foreign, so an American whose traffic exits a VPN server could be treated as a non-U.S. person and subjected to warrantless surveillance under Section 702 of the Foreign Intelligence Surveillance Act.

Wired (Security)

GDetox: Purifying Backdoor Encoder in Graph Self-Supervised Learning via Knowledge Distillation

info research, peer-reviewed
security, research
Mar 26, 2026

Graph Neural Networks (GNNs, models that operate on data structured as graphs) trained with graph self-supervised learning (training without labeled data) can be compromised by backdoor attacks, in which a hidden trigger planted during training makes the model misbehave on attacker-chosen inputs. The authors propose GDetox, a defense that removes backdoor features from a compromised encoder (the part of the model that learns data representations) using knowledge distillation (a teacher model guiding a student model), cutting the attack success rate to 4% while leaving clean-task performance nearly unchanged.

Fix: GDetox purifies backdoored encoders through self-supervised distillation, which needs no labeled data, combined with adversarial contrastive learning (training on deliberately hard, perturbed examples to improve robustness) to strengthen the teacher model and improve the final encoder.

IEEE Xplore (Security & AI Journals)

Component-Specific Prompt Tuning for Deepfake Detection

info research, peer-reviewed
research
Mar 26, 2026

Deepfakes produce facial images that are hard to tell from real ones, with obvious privacy and security consequences. This paper proposes a detector built on Visual Language Models (VLMs, models that understand both images and text) with component-specific prompt tuning (learned prompts that direct the model's attention to individual facial parts such as the eyes and nose). Detection is cast as a Visual Question Answering task, and a Q-Former module (an instruction-guided feature extractor) helps the model pick out forgery traces in local facial features, yielding better accuracy than existing methods.

IEEE Xplore (Security & AI Journals)

Software Security Is Your Highest Priority. Do Your Developers Know That?

info research, peer-reviewed
security
Mar 26, 2026

Many software organizations say security is a priority, yet do not give developers the tools, training, or culture needed to build secure code. A global survey found significant gaps between what companies say about security and what they actually do to support developers in writing secure software.

IEEE Xplore (Security & AI Journals)

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

high news
security
Mar 26, 2026

A vulnerability dubbed ShadowPrompt in Anthropic's Claude Chrome extension let attackers inject prompts (hidden instructions to the model) without any user interaction by chaining two flaws: an overly permissive allowlist that trusted any origin matching *.claude.ai, and a cross-site scripting (XSS) bug in an Arkose Labs CAPTCHA component hosted on one of those subdomains. Because the extension treated that subdomain as trusted, script running there could steal sensitive data, read conversation history, or perform actions such as sending emails on the victim's behalf.

Fix: Anthropic shipped extension version 1.0.41, which enforces a strict origin check requiring an exact match to claude.ai rather than accepting any subdomain. Arkose Labs fixed the underlying XSS flaw as of February 19, 2026.

The Hacker News
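The fix described here replaces a subdomain wildcard with an exact-origin match. The added example below (not the extension's code; the same logic would be written in JavaScript there) puts the two checks side by side on origin strings of the kind a postMessage handler or Origin header delivers. The permissive version accepts any host under claude.ai, so any XSS on any such subdomain inherits the extension's trust; the strict version pins scheme, host, and port to a single origin and rejects userinfo, paths, and the literal "null" origin. "sub.claude.ai" is a placeholder hostname, not one named in the report.

```python
from urllib.parse import urlsplit

# The single origin the fixed extension trusts, per the report.
TRUSTED_ORIGIN = "https://claude.ai"


def trusted_permissive(origin: str) -> bool:
    """Subdomain-wildcard allowlist (*.claude.ai), the pre-fix behaviour described
    in the report. Any page on any claude.ai subdomain passes, so an XSS bug on
    one of them is enough. Note it also ignores scheme and port entirely."""
    host = urlsplit(origin).hostname or ""
    return host == "claude.ai" or host.endswith(".claude.ai")


def trusted_strict(origin: str) -> bool:
    """Exact-origin check: https, the bare host, default port, and nothing else.
    An origin string never legitimately carries userinfo, a path, or a query."""
    parts = urlsplit(origin)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False                      # "https://claude.ai@evil.example" style tricks
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return False
    try:
        port = parts.port                 # raises ValueError on a malformed port
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    return f"https://{parts.hostname or ''}" == TRUSTED_ORIGIN


# Constructed test origins: (origin, what the permissive check says, what the strict check says)
SAMPLE_ORIGINS = [
    ("https://claude.ai",              True,  True),
    ("https://sub.claude.ai",          True,  False),   # placeholder subdomain: the flaw
    ("http://claude.ai",               True,  False),   # downgraded scheme
    ("https://claude.ai:8443",         True,  False),   # non-default port
    ("https://claude.ai@evil.example", False, False),   # hostname is evil.example
    ("https://claude.ai.evil.example", False, False),   # suffix trick, caught by both
    ("null",                           False, False),   # opaque origin (sandboxed frame)
]


def evaluate_samples():
    """Return (origin, permissive_result, strict_result) for each constructed sample."""
    return [(o, trusted_permissive(o), trusted_strict(o)) for o, _, _ in SAMPLE_ORIGINS]


if __name__ == "__main__":
    for origin, permissive, strict in evaluate_samples():
        print(f"{origin:36} permissive={permissive!s:5} strict={strict!s:5}")
```

The difference that mattered in this incident is the second row: a trusted wildcard turns every subdomain, including third-party components served from them, into part of the extension's attack surface. The strict check reduces that surface to one origin, which is what the 1.0.41 patch enforces.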

EU backs nude app ban and delays to landmark AI rules

info news
policy
Mar 26, 2026

European lawmakers voted to delay compliance deadlines under the EU AI Act, pushing back obligations for developers of high-risk AI systems (those that could seriously harm health, safety, or fundamental rights) to December 2027, with later deadlines still for AI embedded in already regulated products such as medical devices. The Parliament also backed proposals to ban nudify apps, which use AI to create fake nude images of people without their consent.

The Verge (AI)

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

info news
industry
Mar 26, 2026

Databricks has introduced Lakewatch, which it describes as an open, agentic SIEM (Security Information and Event Management: the tooling that collects and analyzes security logs from across an environment). It aims to undercut traditional SIEMs by charging for compute rather than for data ingestion. Analysts agree that SIEM cost is a real problem but caution that Lakewatch's savings may be less straightforward than promised: the spend can shift from ingestion and storage to compute rather than disappear.

CSO Online

Creator of AI actor Tilly Norwood says she received death threats over project

info news
safety, industry
Mar 26, 2026

Eline van der Velden created Tilly Norwood, an AI-generated actor, and received death threats amid the global backlash against the project. Van der Velden says she built it to spark discussion about AI's impact on entertainment, but the reaction from Hollywood actors and unions was more severe than she expected.

The Guardian Technology

OpenAI shelves erotic chatbot ‘indefinitely’

info news
policy, safety
Mar 26, 2026

OpenAI has indefinitely paused plans to release an 'adult mode' for ChatGPT, a sexualized chatbot feature that drew criticism from employees and investors over potential harms to society. The decision is part of a broader refocus on core products, following similar discontinuations such as the text-to-video platform Sora.

The Verge (AI)

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

info news
policy
Mar 26, 2026

The Trump administration issued an executive order aimed at stopping states from regulating AI, threatening to sue them and cut their funding. The piece argues this serves tech industry interests against the wishes of voters: polls show more than 70% favor state and federal regulation of AI, yet the administration sided with industry lobbyists, opening a political divide ahead of the midterm elections. Local communities across the country are already resisting AI datacenters over environmental and energy concerns, with progressive and Trump-supporting voters working together against the development.

Schneier on Security

Alleged RedLine Malware Administrator Extradited to US

info news
security
Mar 26, 2026

Hambardzum Minasyan, from Armenia, has been extradited to the US, where he is accused of developing and administering RedLine, an infostealer (malware that harvests passwords, session data, and other sensitive information from infected computers).

SecurityWeek

Page 147 of 318
