aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6362 items

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

high, news
security
Mar 23, 2026

AWS Bedrock is Amazon's managed platform for building AI applications that connect foundation models (pre-trained AI systems) to enterprise data sources and systems such as Salesforce and SharePoint. Researchers identified eight attack vectors that abuse that connectivity, including log manipulation (tampering with audit logs to hide an intruder's activity), knowledge base compromise (exfiltrating the enterprise data the model retrieves from), agent hijacking (taking control of autonomous AI agents), and prompt poisoning (corrupting the instructions the model follows).

The Hacker News

The insider threat rises again

info, news
security, policy
Mar 23, 2026

Insider threats (security risks from people inside an organization) are becoming more common and more damaging: 42% of organizations report an increase in malicious insider incidents, at an average cost of $13.1 million per incident. The threats come from both deliberate bad actors and careless mistakes, and are amplified by AI agents (software that acts autonomously with system access), remote work, and economic pressure on employees.

CSO Online

New CrowdStrike Innovations Secure AI Agents and Govern Shadow AI Across Endpoints, SaaS, and Cloud

info, news
security, industry
Mar 23, 2026

Organizations deploying AI tools and agents are opening new attack surface, notably indirect prompt injection (hiding malicious instructions in content the AI reads as input) and agentic tool-chain attacks (compromising the sequence of tools an agent invokes). CrowdStrike is expanding its Falcon platform with AI detection and response capabilities that monitor desktop AI applications, discover shadow AI (unsanctioned AI tools), and detect threats across endpoints, cloud, and SaaS environments.

Fix: CrowdStrike Falcon AIDR extends runtime threat detection to desktop AI applications (ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor), with visibility into prompt content and detection of prompt attacks and data leaks; the capability is in pre-beta, with general availability planned for Q2. AI Discovery in CrowdStrike Falcon Exposure Management, now generally available, discovers AI-related components on endpoints in real time, including AI apps, agents, LLM (large language model) runtimes, MCP (Model Context Protocol) servers, and IDE extensions.

CrowdStrike Blog

AI influencer awards season is upon us

info, news
industry
Mar 22, 2026

AI influencers are becoming a serious commercial industry, with new awards such as an "AI Personality of the Year" contest emerging alongside AI beauty pageants and music competitions. The contest, backed by companies including OpenArt, Fanvue, and ElevenLabs, aims to recognize the creative work and growing cultural influence of AI influencers.

The Verge (AI)

Experimenting with Starlette 1.0 with Claude skills

info, news
industry
Mar 22, 2026

Starlette 1.0, released in March 2026, introduces breaking changes, notably replacing the on_startup and on_shutdown parameters with a lifespan mechanism (an async context manager that wraps application startup and shutdown). Because LLMs were trained on older Starlette code, the author created a Skill (a custom knowledge document that Claude can reference) by having Claude clone the Starlette repository, build documentation with code examples for the release, and add it to their Claude chat, so that Claude could generate working Starlette 1.0 code.

Fix: The source describes the workaround directly: creating a Skill document. The author writes, "I decided to see if I could get this working with a Skill," and describes the process: "Clone Starlette from GitHub...Build a skill markdown document for this release which includes code examples of every feature." They then used the "Copy to your skills" button to add the skill to their Claude chat, enabling Claude to generate correct Starlette 1.0 code in subsequent conversations.

Simon Willison's Weblog

An efficient hierarchical secret sharing for privacy-preserving distributed gradient descent algorithm

info, research, peer-reviewed
security, privacy
Mar 22, 2026

This research paper describes a method for protecting privacy in distributed gradient descent (a technique in which multiple computers jointly train an AI model, each processing part of the data). The authors propose hierarchical secret sharing (a cryptographic approach in which information is split into pieces distributed across multiple parties, so that no single party can see the complete data) to keep individual parties' data private while keeping the training process efficient.

Elsevier Security Journals

Why Spotify AI more than music will be the secret to keeping subscribers

info, news
industry
Mar 22, 2026

Spotify is investing heavily in AI-powered music discovery, including a new ChatGPT integration and a Prompted Playlist feature that lets users describe what they want to hear in conversation rather than through traditional controls. Spotify executives say these AI features are key to keeping subscribers engaged as music catalogs become interchangeable across streaming apps; the interactive AI DJ feature is already used by 90 million subscribers.

CNBC Technology

Musk says he's building Terafab chip plant in Austin, Texas

info, news
industry
Mar 22, 2026

Elon Musk announced plans to build a Terafab chip manufacturing plant in Austin, Texas, jointly operated by Tesla and SpaceX, to produce chips for robotics, AI, and space data centers. Musk and other industry leaders are concerned that chip makers cannot produce chips fast enough to meet growing demand from the AI industry, although building a fabrication plant requires billions of dollars, many years, and specialized equipment.

The Verge (AI)

OpenAI's data center pivot underscores Wall Street spending concerns ahead of IPO

info, news
industry
Mar 22, 2026

OpenAI is shifting away from its aggressive plans to build massive data centers and toward purchasing cloud computing capacity from other providers. CEO Sam Altman acknowledged that running data centers at this scale is difficult, citing severe weather events and supply chain problems at the company's Texas facility (part of the $500 billion Stargate project with Oracle and SoftBank). The company is also under pressure from investors to demonstrate more disciplined spending before its planned IPO (initial public offering, when a private company becomes publicly traded).

CNBC Technology

AI was everywhere at gaming's big developer conference, except the games

info, news
industry
Mar 22, 2026

At the Game Developers Conference, AI tools were heavily promoted for creating game content, driving NPCs (non-player characters, the computer-controlled characters in games), and automating quality assurance, yet those tools were largely absent from the commercial games actually being released. The gap between AI hype in the gaming industry and its use in finished games remains significant.

The Verge (AI)

CVE-2026-4538: A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loadi

medium, vulnerability
security
Mar 22, 2026
CVE-2026-4538

PyTorch 2.10.0 contains an unsafe deserialization vulnerability (loading serialized data in a way that can execute attacker-chosen code) in an unknown function of its pt2 Loading Handler component. The attack vector is local (the attacker must be able to supply a file to, or run code on, the affected system), but an exploit is publicly available, and the PyTorch team has not yet responded to the initial report.

NVD/CVE Database

CVE-2026-4530: A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/tex

medium, vulnerability
security
Mar 21, 2026
CVE-2026-4530

A SQL injection vulnerability (an attacker inserting database commands into an input that is spliced into a query) has been found in apconw Aix-DB up to version 1.2.3. By manipulating the Description argument handled in agent/text2sql/rag/terminology_retriever.py, an attacker can execute unauthorized SQL. The attack requires local access, the exploit is public, and the vendor has not responded to the disclosure.

NVD/CVE Database

How the FBI can conduct mass surveillance – even without AI

info, news
policy, privacy
Mar 21, 2026

Anthropic has refused to let the U.S. Department of Defense use its AI technology for mass surveillance (monitoring large groups of people without individual suspicion), but FBI Director Kash Patel revealed that authorities can already conduct large-scale surveillance of Americans by purchasing data directly from private companies, bypassing any need for AI firms' cooperation.

The Guardian Technology

The gen AI Kool-Aid tastes like eugenics

info, news
safety
Mar 21, 2026

Director Valerie Veatch explored OpenAI's Sora text-to-video generative AI model (software that creates videos from text descriptions) in 2024, hoping to connect with other artists in online communities. She found that the model frequently generated imagery containing racism and sexism, and was disturbed that other AI enthusiasts seemed unconcerned about these biased outputs.

The Verge (AI)

OpenClaw's ChatGPT moment sparks concern that AI models are becoming commodities

info, news
industry, safety
Mar 21, 2026

OpenClaw, an open-source AI assistant project, has become extremely popular and lets developers build and run AI agents locally on personal computers rather than relying on expensive cloud services from the major AI companies. Its rapid growth has sparked concern that advanced AI models are becoming commodities, with comparable capabilities now available cheaply through open-source alternatives rather than only through the proprietary services of companies such as OpenAI and Anthropic.

CNBC Technology

Gemini task automation is slow, clunky, and super impressive

info, news
industry
Mar 21, 2026

Google has launched Gemini task automation, a feature that lets the AI assistant operate apps on your phone to complete tasks for you, currently in beta on the Pixel 10 Pro and Galaxy S26 Ultra. It works with a limited set of services such as food delivery and rideshare apps, and while it is slow and sometimes clunky, it is an early example of an AI actually performing actions on a device rather than just answering questions.

The Verge (AI)

Who's Really Shopping? Retail Fraud in the Age of Agentic AI

medium, news
security, safety
Mar 20, 2026

Agentic AI (AI systems that take actions on their own) is expected to handle 15-25% of e-commerce by 2030, and that growth creates security risks for retailers. Threat actors may exploit AI agents to commit fraud such as gift card theft and returns fraud, with estimates suggesting that one in four data breaches by 2028 could involve AI agent exploitation. Google has introduced the Universal Commerce Protocol (UCP), an open standard designed to enable secure payments between AI agents and retail systems, but the article stresses that defending against AI-enabled fraud remains a critical challenge for organizations.

Palo Alto Unit 42

GHSA-f67f-hcr6-94mf: Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow

critical, vulnerability
security
Mar 20, 2026

A GitHub Actions workflow in the Zen-AI-Pentest repository, the ZenClaw Discord Integration, has a shell injection vulnerability (untrusted input is pasted into a command the system then runs). The workflow expands the issue title into a shell step, so anyone who can open an issue, with no repository permissions, can craft a title containing shell commands that execute with access to the workflow's secrets. That lets the attacker steal the Discord webhook URL (a link that allows posting messages to a Discord channel) and send fake messages to the channel.

Fix: Pass all user-controlled event fields as environment variables and reference them via shell variables in the `run` block. Never use `${{ }}` expressions inside `run` blocks.

GitHub Advisory Database

ChatGPT's ad pilot has the industry excited, but some insiders are frustrated with the slow rollout

info, news
industry
Mar 20, 2026

OpenAI is running a limited test of ads on ChatGPT with major ad agencies, but the rollout is slower than partners expected, frustrating them because they committed large budgets ($200,000-$250,000 each) that may not be fully spent by the March deadline. OpenAI says the slow pace is intentional, to learn from users before expanding broadly, and recent data shows ad delivery accelerating, with a 600% increase in ads served by mid-March.

CNBC Technology

GHSA-ph9w-r52h-28p7: langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

high, vulnerability
security
Mar 20, 2026
CVE-2026-33497

Langflow's /profile_pictures/{folder_name}/{file_name} endpoint has a path traversal vulnerability (attackers use ../ sequences to reach files outside the intended directory). The folder_name and file_name parameters are not properly validated, so an attacker can read files outside the profile-pictures directory, including Langflow's secret_key file. Because the secret_key signs the JWTs used for authentication (tokens that prove who a caller is), an attacker who reads it can forge login tokens and gain unauthorized access to the system.

GitHub Advisory Database
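The hierarchical secret sharing entry above describes splitting each party's data so that no single party sees it while the training step still works. The following is an added example, not code from the paper or from any project on this page: it implements plain additive secret sharing over a prime field, a simplification of the paper's hierarchical scheme, for the one operation gradient descent needs from the parties, summing their gradients. The field modulus, the fixed-point scale, the gradient values and the two-aggregator layout are all assumptions chosen for the demo.

```python
"""Additive secret sharing for privacy-preserving gradient aggregation.

Added illustration, not the paper's hierarchical scheme: each party splits its
gradient vector into n random shares that sum to the vector, hands one share to
each aggregator, and the aggregators publish only the sum of the shares they
hold. Modulus and fixed-point scale are assumptions for the demo.
"""
import secrets

PRIME = 2**61 - 1   # field modulus (assumption: a large Mersenne prime)
SCALE = 10**6       # fixed-point scale used to encode float gradients


def encode(x: float) -> int:
    """Map a float gradient coordinate into the field as a fixed-point integer."""
    return round(x * SCALE) % PRIME


def decode(v: int) -> float:
    """Inverse of encode; values above PRIME/2 represent negatives."""
    if v > PRIME // 2:
        v -= PRIME
    return v / SCALE


def share(value: int, n: int) -> list[int]:
    """Split one field element into n additive shares summing to value mod PRIME."""
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def share_vector(gradient: list[float], n: int) -> list[list[int]]:
    """Return n share vectors; the j-th one is sent to aggregator j."""
    per_coord = [share(encode(g), n) for g in gradient]
    return [[per_coord[i][j] for i in range(len(gradient))] for j in range(n)]


def aggregator_sum(share_vectors: list[list[int]]) -> list[int]:
    """One aggregator sums, coordinate-wise, the shares it received from every party."""
    dim = len(share_vectors[0])
    return [sum(v[i] for v in share_vectors) % PRIME for i in range(dim)]


def reconstruct(partial_sums: list[list[int]]) -> list[float]:
    """Combine all aggregators' partial sums into the plaintext gradient sum."""
    dim = len(partial_sums[0])
    return [decode(sum(p[i] for p in partial_sums) % PRIME) for i in range(dim)]


def secure_aggregate(gradients: list[list[float]], n_aggregators: int) -> list[float]:
    """Full round: every party shares its gradient, each aggregator sums the
    shares it holds, and only the aggregate is ever reconstructed."""
    shares_by_agg: list[list[list[int]]] = [[] for _ in range(n_aggregators)]
    for g in gradients:
        for j, sv in enumerate(share_vector(g, n_aggregators)):
            shares_by_agg[j].append(sv)
    partial = [aggregator_sum(received) for received in shares_by_agg]
    return reconstruct(partial)


if __name__ == "__main__":
    # Constructed sample: three parties, 3-dimensional gradients, two aggregators.
    grads = [[0.5, -1.25, 2.0], [0.25, 0.75, -0.5], [-1.0, 0.5, 0.125]]
    print(secure_aggregate(grads, 2))
```

Each aggregator's view is a vector of uniformly random field elements, so neither learns anything about any party's gradient; the sum only appears when every aggregator's partial result is combined. The paper's hierarchical construction adds structure to who may reconstruct, which this flat two-aggregator demo does not attempt to reproduce.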
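The CVE-2026-4538 entry above classifies the PyTorch pt2 flaw as unsafe deserialization. As an added example that is not PyTorch code and says nothing about the specific pt2 handler, the block below uses Python's own pickle module to show why loading an untrusted serialized object is code execution, and how an allow-list unpickler refuses it. The hand-written payload and the allow-listed type are constructed for the demo.

```python
"""Unsafe deserialization versus an allow-list unpickler (added example, not PyTorch code)."""
import io
import os
import pickle
from collections import OrderedDict

# Hand-written protocol-0 pickle constructed for this demo. Opcode by opcode:
#   c os\ngetcwd\n  GLOBAL : push the callable os.getcwd
#   (              MARK
#   t              TUPLE  : build an empty argument tuple
#   R              REDUCE : call os.getcwd()
#   .              STOP
# A real payload substitutes os.system / subprocess.check_output plus an argument.
MALICIOUS = b"cos\ngetcwd\n(tR."

# Only these (module, name) pairs may be resolved while unpickling (demo assumption).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Every GLOBAL lookup, including the callable a REDUCE op invokes, passes
    through find_class, so an allow-list here blocks arbitrary code execution."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unsafe_load(data: bytes):
    """The anti-pattern: the default unpickler calls whatever the payload names."""
    return pickle.loads(data)


def safe_load(data: bytes):
    """Allow-list unpickler: plain containers and scalars load, foreign globals do not."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> tuple[bool, bool, bool]:
    """Return (payload ran under unsafe_load, payload rejected by safe_load, benign data loads)."""
    payload_ran = unsafe_load(MALICIOUS) == os.getcwd()
    try:
        safe_load(MALICIOUS)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    benign = OrderedDict(w=[1.0, 2.0], b=0.5)
    benign_ok = safe_load(pickle.dumps(benign)) == benign
    return payload_ran, rejected, benign_ok


if __name__ == "__main__":
    print(demo())
```

The same principle underlies PyTorch's weights_only=True loading for ordinary checkpoints, which routes unpickling through a restricted unpickler; whether that path covers the pt2 loading handler named in this entry is not something the advisory states, so treat untrusted model artifacts as untrusted code until the vendor responds.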
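The CVE-2026-4530 entry above describes SQL injection through the Description argument of a terminology retriever. The block below is an added example, not Aix-DB code: the schema, the api_keys table and both queries are constructed to show the bug class and the parameterised fix. In a text-to-SQL pipeline the search term may come from a user or from model output; both are untrusted.

```python
"""SQL injection through a description search term: vulnerable and fixed (added example)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database constructed for the demo, with a secret the attacker wants."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE terminology(term TEXT, definition TEXT, description TEXT);
        INSERT INTO terminology VALUES
            ('ARR', 'annual recurring revenue', 'finance metric'),
            ('CAC', 'customer acquisition cost', 'marketing metric');
        CREATE TABLE api_keys(name TEXT, key TEXT);
        INSERT INTO api_keys VALUES ('openai', 'sk-constructed-demo-key');
        """
    )
    return con


def retrieve_vulnerable(con: sqlite3.Connection, description: str) -> list[tuple]:
    """Anti-pattern: the caller's text is spliced into the SQL statement itself."""
    sql = (
        "SELECT term, definition FROM terminology "
        f"WHERE description LIKE '%{description}%'"
    )
    return con.execute(sql).fetchall()


def retrieve_safe(con: sqlite3.Connection, description: str) -> list[tuple]:
    """Fix: the text travels as a bound parameter and can only ever be a LIKE pattern."""
    sql = "SELECT term, definition FROM terminology WHERE description LIKE ?"
    return con.execute(sql, (f"%{description}%",)).fetchall()


# Constructed attacker input: closes the string, appends a UNION that reads another
# table with the same column count, and comments out the rest of the original query.
PAYLOAD = "x' UNION SELECT name, key FROM api_keys --"


def demo() -> dict:
    con = make_db()
    return {
        "normal": retrieve_safe(con, "finance"),
        "vulnerable": retrieve_vulnerable(con, PAYLOAD),
        "safe": retrieve_safe(con, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable variant returns the api_keys row because the payload becomes part of the statement; the parameterised variant returns nothing because the same bytes are matched as a pattern against the description column. Escaping quotes by hand is not a substitute for binding.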
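The GHSA-f67f-hcr6-94mf entry above and its Fix note turn on one runner behaviour: GitHub Actions expands `${{ ... }}` expressions textually into a `run` script before the shell ever sees it, so an issue title is pasted straight into bash. The block below is an added example, not the Zen-AI-Pentest workflow: it simulates that expansion in Python and runs a vulnerable step template beside the fixed one. The step templates, the issue title and the webhook value are constructed for the demo.

```python
"""GitHub Actions expression injection in a `run` step, simulated (added example)."""
import os
import re
import subprocess

# Step bodies constructed for the demo. In a workflow the first one is what
# `run: echo "New issue: ${{ github.event.issue.title }}"` becomes; the second
# expects the title to arrive through `env: ISSUE_TITLE: ${{ github.event.issue.title }}`.
VULNERABLE_STEP = 'echo "New issue: ${{ github.event.issue.title }}"'
FIXED_STEP = 'echo "New issue: $ISSUE_TITLE"'

# Constructed attacker-controlled title: closes the quoted string and appends commands.
TITLE = 'x"; echo LEAKED=$DISCORD_WEBHOOK; echo "'
# Stands in for secrets.DISCORD_WEBHOOK exposed to the step as an environment variable.
SECRET = "https://discord.example/api/webhooks/constructed-demo"

EXPR = re.compile(r"\$\{\{\s*([\w.]+)\s*\}\}")


def expand_expressions(script: str, context: dict[str, str]) -> str:
    """Mimic the runner: replace each ${{ key }} with its value as plain text."""
    return EXPR.sub(lambda m: context[m.group(1)], script)


def run_step(script: str, context: dict[str, str], env: dict[str, str]) -> str:
    """Expand expressions, then execute the result with sh; return its stdout."""
    expanded = expand_expressions(script, context)
    proc = subprocess.run(
        ["sh", "-c", expanded],
        env={**os.environ, **env},
        capture_output=True,
        text=True,
    )
    return proc.stdout


def demo() -> dict:
    context = {"github.event.issue.title": TITLE}
    secrets_env = {"DISCORD_WEBHOOK": SECRET}
    vulnerable_out = run_step(VULNERABLE_STEP, context, secrets_env)
    fixed_out = run_step(FIXED_STEP, context, {**secrets_env, "ISSUE_TITLE": TITLE})
    return {
        "vulnerable_leaks_secret": SECRET in vulnerable_out,
        "fixed_leaks_secret": SECRET in fixed_out,
        "fixed_output": fixed_out,
    }


if __name__ == "__main__":
    print(demo())
```

In the fixed variant the shell expands `$ISSUE_TITLE` as a value; the quote and semicolons inside it are data, not syntax, so the step prints the title verbatim and the webhook never appears in the output. That is exactly the advice in the Fix note: move every event field into `env:` and reference it as a quoted shell variable.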
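The Langflow GHSA-ph9w-r52h-28p7 / CVE-2026-33497 entry above describes two unchecked path segments that let a caller read the secret_key file. The block below is an added example, not Langflow's code: it builds a constructed directory layout, shows the unchecked join leaking the key, and shows the fix of canonicalising the requested path and requiring it to stay under the profile-pictures root.

```python
"""Path traversal in a file-serving endpoint: vulnerable and fixed (added example)."""
import tempfile
from pathlib import Path


def make_tree() -> Path:
    """Constructed layout: <config>/profile_pictures/Space/042.png and <config>/secret_key."""
    root = Path(tempfile.mkdtemp())
    (root / "profile_pictures" / "Space").mkdir(parents=True)
    (root / "profile_pictures" / "Space" / "042.png").write_bytes(b"\x89PNG demo")
    (root / "secret_key").write_text("constructed-jwt-signing-secret")
    return root


def read_picture_vulnerable(config_dir: Path, folder_name: str, file_name: str) -> bytes:
    """Anti-pattern: request segments joined straight onto the base path.
    '..' walks out of profile_pictures; an absolute file_name replaces the base entirely."""
    path = config_dir / "profile_pictures" / folder_name / file_name
    return path.read_bytes()


def read_picture_safe(config_dir: Path, folder_name: str, file_name: str) -> bytes:
    """Fix: reject separators and dot segments up front, then canonicalise and
    require the resolved path to be a descendant of the resolved root."""
    root = (config_dir / "profile_pictures").resolve()
    for seg in (folder_name, file_name):
        if not seg or seg in (".", "..") or "/" in seg or "\\" in seg:
            raise PermissionError(f"bad path segment: {seg!r}")
    path = (root / folder_name / file_name).resolve()   # also follows symlinks
    if not path.is_relative_to(root):                   # Python 3.9+
        raise PermissionError("path escapes profile_pictures")
    return path.read_bytes()


def demo() -> dict:
    cfg = make_tree()
    results = {
        "legit_safe": read_picture_safe(cfg, "Space", "042.png"),
        "vulnerable_leak": read_picture_vulnerable(cfg, "..", "secret_key"),
    }
    for key, folder, name in (
        ("traversal_blocked", "..", "secret_key"),
        ("absolute_blocked", "Space", "/etc/hostname"),
    ):
        try:
            read_picture_safe(cfg, folder, name)
            results[key] = False
        except PermissionError:
            results[key] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The resolve-then-containment check is the part that matters; the segment filter is defence in depth so that obviously hostile input is rejected before any filesystem access. With the signing secret in hand, an attacker mints their own HS256 tokens, which is why a read-only traversal on an image endpoint is rated high here.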