aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6356 items

OpenAI rolls out ChatGPT Library to store your personal files
Severity: info | Type: news | Tags: security, privacy | Mar 23, 2026 | Source: BleepingComputer

OpenAI has launched a Library feature for ChatGPT that automatically saves files you upload (documents, images, spreadsheets, etc.) to a secure cloud storage location for future reference. The feature is available to ChatGPT Plus, Pro, and Business subscribers worldwide except in the European Economic Area, Switzerland, and the United Kingdom, and files remain saved to your account until you manually delete them.

Fix: To delete files from Library, select the file in the Library tab, then click Delete or the trash icon next to the file. OpenAI will remove files from its servers within 30 days of deletion. Note that deleting a chat containing a file does not automatically delete the copy saved to Library, so manual deletion from the Library tab is required.

OpenAI calls out Microsoft reliance as risk in investor document ahead of expected IPO
Severity: info | Type: news | Tags: policy, industry | Mar 23, 2026 | Source: CNBC Technology

OpenAI disclosed in an investor document that its heavy dependence on Microsoft for financing and computing resources poses a business risk, noting that if Microsoft ends their partnership or OpenAI cannot diversify its business partners, the company's operations and finances could suffer. The document also highlighted other risks, including massive capital spending requirements, reliance on chip suppliers such as Taiwan Semiconductor Manufacturing Company, and potential geopolitical disruptions to the global chip supply chain.

CVE-2026-30886: New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to versio
Severity: medium | Type: vulnerability | Tags: security | Mar 23, 2026 | CVE-2026-30886 | Source: NVD/CVE Database

New API, an LLM (large language model) gateway and AI asset management system, had a vulnerability before version 0.11.4-alpha.2 that allowed any logged-in user to view videos belonging to other users through the video proxy endpoint. The problem was an IDOR vulnerability (insecure direct object reference, a flaw where the system doesn't check whether a user owns the data they're requesting), caused by a function that checked only the video ID without verifying that the requesting user owned it.

Fix: Update to version 0.11.4-alpha.2 or later, which contains a patch addressing this vulnerability.

Faster attacks and 'recovery denial' ransomware reshape threat landscape
Severity: info | Type: news | Tags: security, industry | Mar 23, 2026 | Source: CSO Online

A 2026 Mandiant security report shows that attackers are operating faster and more collaboratively, with hand-offs between threat groups now happening in 22 seconds instead of 8+ hours. Attackers are shifting tactics away from email phishing (6% of attacks) toward voice phishing (11%) and other interactive social engineering, while increasingly targeting recovery systems through 'recovery denial' ransomware to prevent organizations from restoring after breaches.

Varonis Atlas: Securing AI and the Data That Powers It
Severity: info | Type: news | Tags: security, industry | Mar 23, 2026 | Source: BleepingComputer

Varonis Atlas is an AI security platform that helps organizations discover, monitor, and protect AI systems across their enterprise, from custom AI models to chatbots and AI agents. The platform addresses a major security gap: most organizations don't know which AI systems they have, what data those systems can access, or whether they're compliant with regulations, which creates risk because AI agents can read and modify data at machine speed. Atlas covers the entire AI security lifecycle through features such as continuous AI discovery, posture management (vulnerability and misconfiguration assessment), runtime protection, and compliance reporting.

M-Trends 2026: Data, Insights, and Strategies From the Frontlines
Severity: info | Type: news | Tags: security | Mar 23, 2026 | Source: Google Threat Intelligence

Mandiant's 2025 incident investigations reveal that attackers are becoming more sophisticated and specialized, with two distinct strategies: criminal groups focus on quick impact and recovery denial, while espionage groups prioritize staying hidden for months using edge devices and native network tools. Key findings show that the time between initial network access and handoff to secondary attackers collapsed from over 8 hours in 2022 to just 22 seconds in 2025, and that attackers have shifted from email phishing (6% of intrusions) to voice phishing (11%), suggesting that adversaries are adapting faster than traditional security controls can detect them.

Confronting the CEO of the AI company that impersonated me
Severity: info | Type: news | Tags: safety, privacy | Mar 23, 2026 | Source: The Verge (AI)

Grammarly (now part of Superhuman) launched a feature called Expert Review in August that used AI to create cloned versions of real journalists and writers, including the interviewer, without their permission, in order to provide writing suggestions. The company faced backlash and legal action, ultimately killing the feature entirely and offering an opt-out option.

Fix: Superhuman responded by first offering an email-based opt-out and then killing the feature entirely.

SRAP: Robust and Transferable Self-Reversible Adversarial Patch for Image Privacy Protection
Severity: info | Type: research (Peer-Reviewed) | Tags: research, security | Mar 23, 2026 | Source: IEEE Xplore (Security & AI Journals)

Researchers developed SRAP (Self-Reversible Adversarial Patch), a technique that creates adversarial patches (small, intentionally corrupted image regions designed to fool AI models) that can be reversed back to the original image while protecting privacy. The method improves two key weaknesses of existing adversarial patches: transferability (working across different AI models, achieving up to a 90% success rate) and robustness (resisting image processing and defensive techniques), and demonstrates an 88% attack success rate against commercial AI services.

CLIP-ADA: CLIP-Guided Artifact-Invariant Generalizable Synthetic Image Detection
Severity: info | Type: research (Peer-Reviewed) | Tags: research | Mar 23, 2026 | Source: IEEE Xplore (Security & AI Journals)

This research paper presents CLIP-ADA, a method for detecting synthetic images (fake images created by AI generators) that works better across different types of generators and artifacts. The method analyzes how CLIP (a vision-language model that understands both images and text) processes images at different levels, then uses this understanding to train detectors that rely less on specific artifact patterns and more on general forensic features, achieving over 6% better accuracy on unseen synthetic images.

You Built the Brain. Now Protect It.
Severity: info | Type: news | Tags: security, industry | Mar 23, 2026 | Source: Check Point Research

As companies convert traditional data centers into AI factories (facilities that produce and run large language models, or LLMs) to generate revenue and gain competitive advantages, they face new security risks. Check Point has created a blueprint architecture (a detailed security design plan) to help enterprises protect these AI data centers as the market grows from $236 billion in 2025 to $934 billion by 2030.

Check Point at RSAC – How We're Helping Our Customers Secure their AI Transformation
Severity: info | Type: news | Tags: security, policy | Mar 23, 2026 | Source: Check Point Research

Companies are quickly adopting AI tools to improve productivity and gain business advantages, but this creates new security risks. AI tools often access sensitive company data such as customer records and emails, and employees may use LLMs (large language models, AI systems trained on huge amounts of text) without approval, risking accidental leaks of confidential information.

The Download: animal welfare gets AGI-pilled, and the White House unveils its AI policy
Severity: info | Type: news | Tags: policy, industry | Mar 23, 2026 | Source: MIT Technology Review

This newsletter covers multiple AI-related developments, including animal welfare advocates exploring how artificial general intelligence (AGI, a theoretical AI system that can learn and perform any intellectual task) might reduce animal suffering, the White House unveiling a light-touch AI regulation framework, and various corporate moves such as OpenAI adding ads to free ChatGPT and the Pentagon adopting Palantir's AI for military targeting. The article also discusses Elon Musk being found liable for misleading Twitter investors and a case in which an Australian woman's experimental brain implant was removed against her wishes despite significantly improving her quality of life.

Sen. Warren questions DOD about Anthropic blacklist that 'appears to be retaliation'
Severity: info | Type: regulatory | Tags: policy, safety | Mar 23, 2026 | Source: CNBC Technology

Senator Elizabeth Warren is questioning the Department of Defense's decision to blacklist AI company Anthropic as a "supply chain risk," calling it retaliation after the company refused to let the DOD use its AI models for fully autonomous weapons or domestic mass surveillance. Anthropic has filed a lawsuit against the Trump administration, while OpenAI has secured a DOD contract despite similar concerns from lawmakers about whether safeguards exist to prevent the technology from being used for mass surveillance or autonomous weapons.

Introducing Wiz Agents & Workflows: Security at the Speed of AI
Severity: info | Type: news | Tags: security, industry | Mar 23, 2026 | Source: Wiz Research Blog

Wiz has introduced AI agents and workflows designed to help security teams respond to threats faster by automating investigation and remediation tasks. The system uses three specialized agents, Red (finds vulnerabilities), Blue (investigates threats), and Green (fixes issues), that work together in a continuous loop to detect, analyze, and resolve security risks at machine speed rather than relying on manual human work.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
Severity: high | Type: news | Tags: security | Mar 23, 2026 | Source: The Hacker News

AWS Bedrock is Amazon's platform for building AI applications that connect foundation models (pre-trained AI systems) to enterprise data and systems such as Salesforce and SharePoint. Researchers discovered eight attack vectors that allow attackers to exploit this connectivity, including log manipulation (hiding their tracks in audit logs), knowledge base compromise (stealing enterprise data), agent hijacking (taking control of autonomous AI agents), and prompt poisoning (corrupting AI instructions).

The insider threat rises again
Severity: info | Type: news | Tags: security, policy | Mar 23, 2026 | Source: CSO Online

Insider threats (security risks from people inside an organization) are becoming more common and damaging, with 42% of organizations reporting increased malicious insider incidents and an average cost of $13.1 million per incident. These threats come from both intentional bad actors and careless mistakes, and are worsened by new technologies such as AI agents (software that can act independently with system access), remote work, and economic pressure on employees.

New CrowdStrike Innovations Secure AI Agents and Govern Shadow AI Across Endpoints, SaaS, and Cloud
Severity: info | Type: news | Tags: security, industry | Mar 23, 2026 | Source: CrowdStrike Blog

Organizations deploying AI tools and agents are creating new security vulnerabilities, particularly through attacks such as indirect prompt injection (tricking an AI by hiding malicious instructions in its input) and agentic tool chain attacks (compromising the sequence of tools an AI agent uses). CrowdStrike is addressing this gap by expanding its Falcon platform with new AI detection and response capabilities that monitor desktop AI applications, discover shadow AI (unauthorized AI tools), and detect threats across endpoints, cloud, and SaaS environments.

Fix: CrowdStrike Falcon AIDR is extending runtime threat detection to desktop AI applications (ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor) with visibility into prompt content and the ability to detect prompt attacks and data leaks. The capability is currently in pre-beta and will be generally available in Q2. Additionally, AI Discovery in CrowdStrike Falcon Exposure Management, now generally available, automatically discovers AI-related components running on endpoints in real time, including AI apps, agents, LLM (large language model) runtimes, MCP (Model Context Protocol) servers, and IDE extensions.

AI influencer awards season is upon us
Severity: info | Type: news | Tags: industry | Mar 22, 2026 | Source: The Verge (AI)

AI influencers are becoming a serious commercial industry, with new awards such as an 'AI Personality of the Year' contest emerging alongside AI beauty pageants and music competitions. The contest, backed by companies such as OpenArt, Fanvue, and ElevenLabs, aims to recognize the creative work and growing cultural influence of AI influencers.

Experimenting with Starlette 1.0 with Claude skills
Severity: info | Type: news | Tags: industry | Mar 22, 2026 | Source: Simon Willison's Weblog

Starlette 1.0 was released in March 2026 with breaking changes from previous versions, notably replacing the old on_startup and on_shutdown parameters with a new lifespan mechanism (an async context manager for managing app startup and shutdown). Since LLMs were trained on older Starlette code, the author created a Skill (a custom knowledge document that Claude can reference) by having Claude clone the Starlette repository, build documentation with code examples, and add it to their Claude chat so the AI could generate working Starlette 1.0 code.

Fix: The solution the source describes is a Skill document. The author states "I decided to see if I could get this working with a Skill" and describes the process: "Clone Starlette from GitHub...Build a skill markdown document for this release which includes code examples of every feature." They then used the "Copy to your skills" button to add the skill to their Claude chat, enabling Claude to generate correct Starlette 1.0 code in subsequent conversations.

An efficient hierarchical secret sharing for privacy-preserving distributed gradient descent algorithm
Severity: info | Type: research (Peer-Reviewed) | Tags: security, privacy | Mar 22, 2026 | Source: Elsevier Security Journals

This research paper describes a method for protecting privacy in distributed gradient descent (a technique in which multiple computers work together to train AI models by each processing part of the data). The authors propose using hierarchical secret sharing (a cryptographic approach in which information is split into pieces distributed across multiple parties, so that no single party can see the complete data) to keep individual data private while still allowing the AI training process to run efficiently.