aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6356 items

How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem

info | news | industry, security
Mar 25, 2026

Modern cybersecurity operations face attacks that happen in seconds, overwhelming traditional human-centered defenses. CrowdStrike introduced Charlotte AI AgentWorks and Charlotte Agentic SOAR, two interconnected systems that use AI agents (autonomous software that can reason and take actions) to work alongside security analysts, automating routine tasks while keeping humans in control through oversight and guardrails.

CrowdStrike Blog

OpenAI ends Disney partnership as it closes Sora video-making app

info | news | industry
Mar 25, 2026

OpenAI has shut down Sora, its AI video-generation app (software that creates realistic videos from text descriptions), less than two years after launch, to focus on other projects like robotics and autonomous AI agents. The closure ends both the consumer app and professional platform, though image-making tools in ChatGPT remain unaffected. Disney, which had recently licensed its intellectual property (creative works and characters owned by a company) to Sora in a landmark deal, said it will now explore partnerships with other AI platforms.

BBC Technology

Introducing the OpenAI Safety Bug Bounty program

info | news | security, safety
Mar 24, 2026

OpenAI has launched a Safety Bug Bounty program to identify AI abuse and safety risks in its products, complementing its existing Security Bug Bounty program. The new program focuses on issues such as prompt injection (tricking an AI by hiding instructions in its input) that hijacks AI agents into performing harmful actions, unauthorized feature access, and proprietary information leaks, even when they do not qualify as traditional security vulnerabilities. Researchers can submit reports on reproducible safety issues that pose plausible and material harm to users.

OpenAI Blog

Auto mode for Claude Code

medium | news | safety, security
Mar 24, 2026

Anthropic introduced auto mode for Claude Code, a new permissions system in which Claude automatically decides whether to allow actions, with safeguards in place. A separate classifier model (Claude Sonnet 4.6) reviews each action before it runs and blocks requests that go beyond the task scope, target untrusted infrastructure, or appear malicious. Customizable default filters cover allowed operations such as read-only requests and local file work, while blocking risky actions such as force-pushing to git repositories or executing external code.

Simon Willison's Weblog

CSA Launches CSAI Foundation for AI Security

info | news | policy, security
Mar 24, 2026

The Cloud Security Alliance has created a new nonprofit organization called the CSAI Foundation to help manage and secure autonomous AI agents (AI systems that can make decisions and take actions on their own). The foundation will use risk intelligence (methods to identify and understand potential dangers) and certification (official verification of safety standards) to govern these AI ecosystems.

Dark Reading

OpenAI shutters AI video generator Sora in abrupt announcement

info | news | industry
Mar 24, 2026

OpenAI abruptly shut down Sora, its AI video generator tool (software that creates realistic videos from text descriptions), just six months after launching it as a standalone app in 2024. The company announced the closure on social media, thanking users who created and shared videos with the platform.

The Guardian Technology

OpenAI shutters short-form video app Sora as company reels in costs

info | news | industry
Mar 24, 2026

OpenAI shut down its Sora app, a tool that let users generate short videos from text descriptions and remix videos from other users, just six months after launching it, despite reaching one million downloads. The company is cutting costs to justify its $730 billion valuation and to focus on high-productivity business uses, competing in the enterprise (business) market rather than in consumer applications.

CNBC Technology

CVE-2026-24158: NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of ser

high | vulnerability | security
Mar 24, 2026
CVE-2026-24158

CVE-2026-24158 is a vulnerability in NVIDIA Triton Inference Server's HTTP endpoint that allows attackers to cause a denial of service (temporarily making a service unavailable) by sending a large compressed payload. The vulnerability stems from improper memory allocation (CWE-789, where a system reserves too much memory based on untrusted input).

NVD/CVE Database

CVE-2026-24141: NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user cou

high | vulnerability | security
Mar 24, 2026
CVE-2026-24141

NVIDIA Model Optimizer for Windows and Linux has a vulnerability in its ONNX quantization feature (a technique that makes AI models smaller and faster by reducing precision) where unsafe deserialization (unsafely converting data from a file into program objects) can occur when a user provides a specially crafted input file. A successful attack could allow an attacker to execute code, gain higher privileges, change data, or steal information.

NVD/CVE Database

CVE-2025-33254: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A success

high | vulnerability | security
Mar 24, 2026
CVE-2025-33254

NVIDIA Triton Inference Server has a vulnerability (CVE-2025-33254) where an attacker can corrupt internal state, a condition in which data becomes inconsistent or broken, potentially causing a denial of service (making a service unavailable to legitimate users). The vulnerability is caused by a race condition (a bug that happens when multiple processes access shared data at the same time without proper coordination).

NVD/CVE Database

CVE-2025-33244: NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted

critical | vulnerability | security
Mar 24, 2026
CVE-2025-33244

NVIDIA APEX for Linux has a vulnerability where attackers can deserialize untrusted data (process data from untrusted sources, potentially running malicious code hidden in that data), affecting PyTorch versions earlier than 2.6. A successful attack could allow code execution, denial of service (making a system unavailable), privilege escalation (gaining higher access levels), data tampering, and information disclosure.

NVD/CVE Database

CVE-2025-33238: NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception.

high | vulnerability | security
Mar 24, 2026
CVE-2025-33238

CVE-2025-33238 is a vulnerability in NVIDIA Triton Inference Server's Sagemaker HTTP server that allows an attacker to trigger an exception, potentially causing a denial of service (DoS, where a system becomes unavailable to legitimate users). The underlying issue is a race condition (a timing flaw when multiple processes access shared resources without proper protection).

NVD/CVE Database

Baltimore is first U.S. city to sue over Grok deepfake porn as legal pressure mounts on Musk's xAI

info | incident | safety, policy
Mar 24, 2026

Baltimore has become the first major U.S. city to sue Elon Musk's xAI over its Grok image generator, which can create deepfakes (AI-manipulated videos or images that realistically fake someone's appearance or actions) of non-consensual sexual content involving women and children. The lawsuit claims xAI violated consumer protection laws by marketing Grok and X as safe while allowing mass creation of non-consensual intimate images (sexually explicit content created without permission) and child sexual abuse material. Baltimore is asking the court to force xAI to stop targeting its residents, redesign its platforms to prevent exploitation, and change its marketing practices.

CNBC Technology

Anthropic and Pentagon face off in court over ban on company's AI model

info | news | policy, security
Mar 24, 2026

Anthropic, an AI company, is suing the US Department of Defense in federal court to challenge a ban on government use of its Claude AI chatbot after the company refused to allow the technology to be used in autonomous weapons systems (machines that can make lethal decisions without human control) and mass surveillance. The Defense Secretary declared Anthropic a supply chain risk (a company considered unsafe to do business with), which the company argues will cause massive financial and business harm.

The Guardian Technology

OpenAI just gave up on Sora and its billion-dollar Disney deal

info | news | industry
Mar 24, 2026

OpenAI has discontinued Sora, its video generation tool (AI that creates videos from text descriptions), along with the standalone app and developer API access that launched in late 2024. This shutdown affects a major licensing deal with Disney announced just months earlier, in which Disney had agreed to invest $1 billion in OpenAI.

The Verge (AI)

Arm's first CPU ever will plug into Meta's AI data centers later this year

info | news | industry
Mar 24, 2026

Arm, a UK chip design company, is manufacturing its first CPU (central processing unit, the main processor in a computer), called the Arm AGI CPU, designed specifically for inference (running AI models in the cloud). Meta will be the first customer, using this chip in its data centers alongside processors from other companies such as Nvidia and AMD to power AI tools.

The Verge (AI)

Baltimore sues Elon Musk's AI company over Grok's fake nude images

info | news | safety, policy
Mar 24, 2026

Baltimore's mayor and city council sued Elon Musk's xAI company, claiming that its Grok chatbot (an AI assistant designed for general conversation) violated consumer protection laws by creating nonconsensual sexualized images. The lawsuit argues that xAI deceptively marketed Grok and its platform X without disclosing the risks and potential harms users could face.

The Guardian Technology

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

info | news | safety, policy
Mar 24, 2026

Agentic AI systems (AI that can independently take actions rather than just make suggestions) are becoming more powerful by gaining direct access to computer systems, creating new governance challenges. The article uses OpenClaw as a case study to illustrate why better oversight and control mechanisms are needed as these autonomous systems become more capable and integrated into real-world operations.

SecurityWeek

Exclusive eBook: Are we ready to hand AI agents the keys?

info | news | safety, policy
Mar 24, 2026

A subscriber-only eBook discusses whether society is adequately prepared for the growing autonomy being given to AI agents, featuring expert perspectives on potential risks. The content suggests that continuing on the current development path without proper safeguards could pose serious existential concerns.

MIT Technology Review

CVE-2026-33401: Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c

high | vulnerability | security
Mar 24, 2026
CVE-2026-33401

Wallos, an open-source tool for tracking subscriptions that users can run on their own servers, had incomplete security protections in versions before 4.7.0. A logged-in attacker could bypass these protections by sending specially crafted web addresses to three different features (AI Ollama settings, AI recommendations, and notification scheduling), allowing them to reach internal systems or cloud configuration services they should not be able to access.

Fix: Update to version 4.7.0, which patches this vulnerability.

NVD/CVE Database