aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6356 items

GHSA-5mg7-485q-xm76: Two LiteLLM versions published containing credential harvesting malware
Severity: critical | Type: vulnerability | Category: security | Date: Mar 25, 2026

Two versions of LiteLLM (a Python library for working with multiple AI models), versions 1.82.7 and 1.82.8, were published with malware that steals user credentials (usernames, passwords, and authentication tokens). This is a critical security issue because anyone who installed these specific versions could have their sensitive login information compromised.

Source: GitHub Advisory Database

Privacy-Preserving Multi-Modal Object Fusion for Connected Autonomous Vehicles: Resilience Against Malicious Third-Party Attacks
Severity: info | Type: research (Peer-Reviewed) | Categories: security, research | Date: Mar 25, 2026

Connected autonomous vehicles (CAVs) use multiple types of sensors, like LiDAR (light-based radar that creates 3D maps) and cameras, to understand their surroundings, and combining information from both sensors improves accuracy. However, this sensor fusion process can leak private information and relies on a third party to generate random numbers, which could be compromised by attackers. Researchers propose MPOF, a model that uses secure computation protocols (mathematical methods that let systems calculate results without exposing raw data) and sacrificial verification (a technique that detects when a third party behaves maliciously) to protect privacy while defending against attacks from that third party.

Fix: The source proposes the MPOF model with secure computation protocols that include sacrificial verification to detect malicious third-party behavior during random number generation. The paper states the protocols 'reduce computational overhead by five orders of magnitude' compared to methods using homomorphic encryption (encryption that allows calculations on encrypted data without decrypting it first), making the approach more practical for resource-constrained vehicles.

Source: IEEE Xplore (Security & AI Journals)

Propose and Rectify: A Forensics-Driven MLLM Framework for Image Manipulation Localization
Severity: info | Type: research (Peer-Reviewed) | Category: research | Date: Mar 25, 2026

This research presents a new framework called Propose-Rectify that helps detect and locate image manipulations (alterations made to photos) by combining two approaches: first, a semantic reasoning stage uses a modified LLaVA model (a multimodal AI that understands both images and language) to identify suspicious regions, and second, a refinement stage uses specialized forensic analysis (technical methods that detect tampering traces) to validate and precisely locate the manipulated areas. The framework bridges the gap between AI understanding and forensic detection, achieving better accuracy than previous methods.

Source: IEEE Xplore (Security & AI Journals)

Assessing and Improving DNN Robustness Against Adversarial Examples From the Perspective of Fully Connected Layers
Severity: info | Type: research (Peer-Reviewed) | Categories: research, security | Date: Mar 25, 2026

Deep neural networks (machine learning models with many layers that process information) are vulnerable to adversarial examples, which are inputs slightly modified to fool the AI into making wrong predictions. This paper proposes adding a redundant fully connected layer (a type of neural network component that connects all inputs to all outputs) with a special loss function to make these networks more robust against attacks while maintaining accuracy on normal inputs.

Fix: The source describes a defense mechanism but does not present it as a deployed fix or patch. It is a research proposal for a novel component (redundant fully connected layer with a cosine similarity-based loss function) that can be added to existing models. N/A -- no mitigation discussed in source.

Source: IEEE Xplore (Security & AI Journals)

Filter, Obstruct, and Dilute: Defending Against Backdoor Attacks on Semi-Supervised Learning
Severity: info | Type: research (Peer-Reviewed) | Categories: security, research | Date: Mar 25, 2026

Semi-supervised learning (SSL, a training method where models learn from both labeled and unlabeled data) is vulnerable to backdoor attacks, where attackers can corrupt model predictions by poisoning a small portion of training data with hidden triggers. This paper reveals that SSL backdoor attacks are particularly dangerous because they exploit the pseudo-labeling mechanism (the process where the model assigns labels to unlabeled data) to create stronger trigger-target correlations than in supervised learning. The researchers propose Backdoor Invalidator (BI), a defense framework using complementary learning, trigger mix-up, and dual domain filtering to obstruct and filter backdoor influences during both feature learning and data processing.

Fix: The source presents Backdoor Invalidator (BI) as an explicit defense framework. According to the text, BI 'integrates three novel techniques: complementary learning, trigger mix-up, and dual domain filtering, which collectively obstruct, dilute, and filter the influence of backdoor attacks in both feature learning and data processing.' The framework is designed to 'significantly reduce the average attack success rate while maintaining comparable accuracy on clean data' and is described as 'practical deployable as a plug-in component.' Code implementing this defense is available at https://github.com/wxr99/Backdoor_Invalidator4SSL.

Source: IEEE Xplore (Security & AI Journals)

Legal AI startup Harvey valued at $11 billion in funding round, as VCs spread bets beyond model companies
Severity: info | Type: news | Category: industry | Date: Mar 25, 2026

Harvey, a legal AI startup founded in 2022, raised $200 million at an $11 billion valuation to deploy AI technology in specialized legal and professional services markets. The company uses AI tools to help lawyers with contract analysis, compliance, and other complex tasks, serving over 100,000 lawyers across more than 1,300 organizations. Harvey's funding reflects growing investor confidence that specialized AI applications, not just foundational AI models (the underlying systems that power AI tools), can capture significant business value.

Source: CNBC Technology

Hugo Barra's return to Meta 5 years after exit underscores Zuckerberg's AI urgency
Severity: info | Type: news | Category: industry | Date: Mar 25, 2026

Hugo Barra, a former Meta executive, has returned to the company to lead AI development efforts, reflecting Meta's shift in focus from virtual reality to artificial intelligence. Meta is investing heavily in AI infrastructure and acquiring AI agent technology (software designed to perform tasks autonomously) companies like Dreamer, Manus, and Moltbook to compete with rivals like OpenAI and Google. The company is spending up to $135 billion this year on capital expenditures, mostly for AI infrastructure, as it attempts to develop a competitive strategy in the rapidly evolving AI market.

Source: CNBC Technology

My quest to preserve VHS-era gaming culture, one eBay bid at a time
Severity: info | Type: news | Category: security | Date: Mar 25, 2026

This article is about a person collecting VHS tapes and CRT televisions to preserve gaming culture from the 1980s and 1990s, when home video and the games industry grew together. The author discusses how VHS tapes contain important historical records of gaming's development, including movie adaptations and game-related content that used to be rented from video shops.

Source: The Guardian Technology

U.S.-Iran negotiations, Meta trial verdict, OpenAI shuts Sora and more in Morning Squawk
Severity: info | Type: news | Categories: industry, policy | Date: Mar 25, 2026

OpenAI shut down its Sora short-form video app, which had reached one million downloads in its first five days before being discontinued six months later. The company is closing the app as part of cost-cutting efforts while preparing for a potential public offering, and will soon provide a timeline for users to preserve their work from the platform.

Source: CNBC Technology

The Kill Chain Is Obsolete When Your AI Agent Is the Threat
Severity: high | Type: news | Categories: security, safety | Date: Mar 25, 2026

In September 2025, Anthropic revealed that a state-sponsored attacker used an AI coding agent to autonomously conduct cyber espionage against 30 global targets, with the AI handling 80-90% of operations itself. Traditional security defenses are built around detecting attackers moving through a multi-step "kill chain" (a sequence of stages from initial access to data theft), but compromised AI agents already have legitimate access, broad permissions, and normal reasons to move data across systems, so they skip the entire detection chain. This makes AI agents particularly dangerous because their malicious activity looks identical to normal behavior, and existing security tools cannot easily tell the difference.

Source: The Hacker News

Agentic commerce runs on truth and context
Severity: info | Type: news | Categories: industry, safety | Date: Mar 25, 2026

Agentic commerce refers to AI agents that can execute transactions autonomously on behalf of users, rather than just providing information. For this to work safely and reliably, organizations need master data management (MDM, the discipline of creating a single authoritative record for each entity) and high-quality data to ensure agents can correctly identify who is transacting, what permissions they have, and where responsibility lies, because agents cannot catch data errors the way humans can.

Source: MIT Technology Review

Anthropic’s Claude Code gets ‘safer’ auto mode
Severity: info | Type: news | Category: safety | Date: Mar 25, 2026

Anthropic has released an 'auto mode' for Claude Code, a tool that allows an AI to make decisions and take actions on a user's computer without asking permission each time. The auto mode is designed to be safer than giving the AI full freedom to act, since the AI could otherwise delete files, leak sensitive data, or run harmful code without the user's knowledge.

Source: The Verge (AI)

CVE-2026-23309: In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_fre
Severity: info | Type: vulnerability | Category: security | Date: Mar 25, 2026 | ID: CVE-2026-23309

A vulnerability in the Linux kernel's tracing system occurs when trigger_data_alloc() (a memory allocation function) fails and returns NULL, causing the error handler to call trigger_data_free() on a null value. Unlike the safe kfree() function, trigger_data_free() doesn't check for NULL pointers before trying to access data, leading to a crash when it tries to evaluate data->cmd_ops->set_filter.

Fix: Add a NULL pointer check to trigger_data_free() to prevent it from attempting to dereference a NULL pointer.

Source: NVD/CVE Database

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
Severity: high | Type: news | Category: security | Date: Mar 25, 2026

Malicious versions of LiteLLM, a popular Python library for working with large language models, were published on PyPI and stole credentials from developer environments before being removed after about two hours. The malware used a three-stage attack to harvest sensitive data like API keys, cloud credentials, and SSH keys (private authentication files), then encrypted and sent them to attacker-controlled servers. This incident is part of a larger supply chain attack (a coordinated effort to compromise widely-used software) called TeamPCP that also affected other developer security tools.

Fix: PyPI stated: "Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them accordingly." The affected versions are 1.82.7 and 1.82.8. Wiz customers can check for exposure via the Wiz Threat Center.

Source: CSO Online

Sen. Wyden Warns of Another Section 702 Abuse
Severity: info | Type: news | Category: policy | Date: Mar 25, 2026

Senator Ron Wyden is warning that Section 702 (a law allowing U.S. intelligence agencies to conduct surveillance) is being abused in ways that are kept secret from the public and Congress. Wyden says there is a classified (not publicly known) privacy issue related to Section 702 that he has repeatedly asked the government to reveal, but administrations have refused, and he believes Congress cannot properly debate whether to renew this law without knowing the full truth.

Source: Schneier on Security

Try our new dimensional analysis Claude plugin
Severity: info | Type: news | Categories: security, research | Date: Mar 25, 2026

Anthropic released a new Claude plugin that uses dimensional analysis (a technique for tracking units of measurement in code) to find bugs more effectively than traditional LLM-based security tools. Instead of asking an AI to identify vulnerabilities directly, the plugin uses the LLM to annotate code with dimensional types, then mechanically flags mismatches, achieving 93% recall compared to 50% for standard prompts.

Fix: Users can download and install the plugin by running: `claude plugin marketplace add trailofbits/skills` followed by `claude plugin install dimensional-analysis@trailofbits`, then invoke it with `claude /dimensional-analysis`.

Source: Trail of Bits Blog

6 key trends reshaping the IAM market
Severity: info | Type: news | Categories: security, policy | Date: Mar 25, 2026

The identity and access management (IAM) market, which handles who gets access to systems and data, is growing rapidly and shifting focus from simple password-based login toward treating identity as a core security layer. Organizations are increasingly adopting phishing-resistant authentication methods like passkeys (security keys that replace passwords) and managing non-human identities (service accounts, API keys, and AI agents), which now outnumber human users in most enterprises by about three to one. This shift is driven by the rise of agentic AI (autonomous AI systems that act independently) and stricter regulations requiring continuous verification of who accesses what data.

Source: CSO Online

Inside our approach to the Model Spec
Severity: info | Type: news | Categories: safety, policy | Date: Mar 25, 2026

OpenAI's Model Spec is a formal framework that explicitly defines how AI models should behave across different situations, including how they follow instructions, resolve conflicts, and operate safely. The document is designed to be public and readable so that users, developers, researchers, and policymakers can understand, inspect, and debate intended AI behavior rather than having it hidden inside training processes. The Model Spec is not a claim that current models already behave perfectly, but rather a target for improvement that OpenAI uses to train, evaluate, and iteratively improve model behavior over time.

Source: OpenAI Blog

The AI Hype Index: AI goes to war
Severity: info | Type: news | Categories: industry, policy | Date: Mar 25, 2026

This article summarizes recent developments in AI, including controversies over weaponizing AI models like Claude, major user departures from ChatGPT, and large protests against AI in London. On a lighter note, AI agents (software programs that can act independently to accomplish tasks) are becoming popular online, with companies hiring their creators and developing quirky applications where AI agents appear to develop their own beliefs and philosophies.

Source: MIT Technology Review

AI is breaking traditional security models — Here’s where they fail first
Severity: info | Type: news | Categories: security, industry | Date: Mar 25, 2026

Traditional enterprise security relied on slow, manual processes where vulnerabilities were discovered through periodic scans, then triaged and fixed in a delayed workflow. AI and LLM-based systems are breaking this model by automating triage (the process of sorting and prioritizing findings), delivering vulnerabilities with full context and demanding immediate action, which forces organizations to rethink who is responsible for fixes and how quickly decisions happen. This shift also makes accountability explicit rather than implicit, requiring security teams to transition from handling individual findings to overseeing AI decision-making accuracy and approving exceptions.

Source: CSO Online

Page 150 of 318