aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6373 items

Invisible datacentres and capricious chips: is UK’s AI bubble about to burst?
news | industry | Mar 14, 2026

Major AI infrastructure projects like OpenAI's Stargate datacentre (a massive computing facility where AI systems run) are facing financial and timeline challenges, with OpenAI backing away from parts of a planned $500 billion expansion in Texas. The article suggests that massive investments in datacentres and AI chips represent a significant economic gamble, with the UK potentially at particular risk if this 'AI bubble' deflates.

Source: The Guardian Technology

Microsoft’s Copilot AI assistant is coming to current-gen Xbox consoles this year
news | industry | Mar 13, 2026

Microsoft is planning to release Gaming Copilot, an AI assistant that helps players when they get stuck in games, on current-generation Xbox consoles later this year. The assistant, which responds to voice commands, has already been tested in beta versions on Xbox's mobile app, Windows 11, and Xbox Ally handhelds, and Microsoft plans to expand it to additional gaming services.

Source: The Verge (AI)

CVE-2026-31949: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exist
vulnerability | severity: medium | security | Mar 13, 2026 | CVE-2026-31949

LibreChat, a ChatGPT alternative with extra features, has a vulnerability in versions before 0.8.3-rc1: an authenticated attacker can crash the server by sending a malformed request to a specific endpoint. The handler extracts a field from the request without first checking that it is present, so a missing value raises a TypeError (a runtime error from operating on a value of the wrong type, here an absent one). Because nothing catches that error, it terminates the entire Node.js server process, taking the service down for every user, not just the one who sent the request.

Fix: Update LibreChat to version 0.8.3-rc1 or later, where this vulnerability is fixed.

Source: NVD/CVE Database
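The pattern behind this bug class, shown as an added example rather than LibreChat's own code: a handler that trusts the request shape against one that validates each step, run through a loop that models a server with no catch-all error handler. The endpoint shape, the field names (`json`, `messages`, `text`) and the traffic below are assumptions constructed for the example.

```python
"""Illustration of the CVE-2026-31949 bug class: a handler that reads a
request field without checking it exists. Constructed example code, not
LibreChat's; the field names "json", "messages" and "text" and the
requests in TRAFFIC are assumptions."""
from typing import Any, Callable

Request = dict[str, Any]
Response = dict[str, Any]


def vulnerable_handler(request: Request) -> Response:
    """Trusts the request shape. With a body of None (no JSON, or an
    unparseable one) subscripting None raises an unhandled TypeError."""
    body = request.get("json")
    text = body["messages"][0]["text"]
    return {"status": 200, "echo": text}


def safe_handler(request: Request) -> Response:
    """Validates each step of the extraction and answers 400 instead of
    throwing, so a malformed request costs one response, not the process."""
    body = request.get("json")
    if not isinstance(body, dict):
        return {"status": 400, "error": "JSON object body required"}
    messages = body.get("messages")
    if not isinstance(messages, list) or not messages:
        return {"status": 400, "error": "messages must be a non-empty list"}
    first = messages[0]
    if not isinstance(first, dict) or not isinstance(first.get("text"), str):
        return {"status": 400, "error": "messages[0].text must be a string"}
    return {"status": 200, "echo": first["text"]}


def serve(handler: Callable[[Request], Response],
          requests: list[Request]) -> tuple[list[Response], bool]:
    """Models a server process with no catch-all error handler: the first
    exception that escapes a handler ends the loop, and every request queued
    behind it goes unserved. Returns (responses, crashed)."""
    responses: list[Response] = []
    for req in requests:
        try:
            responses.append(handler(req))
        except Exception as exc:  # in the real service: uncaught, process exits
            responses.append({"status": "crash", "error": type(exc).__name__})
            return responses, True
    return responses, False


# Constructed traffic: a valid request, one with no JSON body, another valid one.
TRAFFIC: list[Request] = [
    {"json": {"messages": [{"text": "hello"}]}},
    {"json": None},
    {"json": {"messages": [{"text": "still here?"}]}},
]

if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("safe", safe_handler)):
        responses, crashed = serve(handler, TRAFFIC)
        print(name, "crashed" if crashed else "ok", [r["status"] for r in responses])
```

The vulnerable handler serves the first request and then dies on the second; the third request, from an unrelated user, is never answered. The hardened version turns the same malformed input into a 400 and keeps serving, which is the property the fix has to restore regardless of which field was left unchecked.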

CVE-2026-31944: LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth c
vulnerability | severity: high | security | Mar 13, 2026 | CVE-2026-31944

LibreChat versions 0.8.2 to 0.8.2-rc3 have a flaw in the MCP (Model Context Protocol, a system for connecting AI models to external services) OAuth callback endpoint: the callback does not verify that the user completing an authorization is the user who started it. An attacker can begin an OAuth flow from their own account and trick a victim into completing it; the victim's OAuth tokens (credentials that grant access to the connected service) are then stored on the attacker's LibreChat account, letting the attacker act as the victim in connected services such as Atlassian or Outlook.

Fix: Update to LibreChat version 0.8.3-rc1, where this vulnerability is fixed.

Source: NVD/CVE Database
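The flow above, reduced to its essentials as an added example (constructed code, not LibreChat's): a broker that keeps pending flows keyed by `state`, an in-process stand-in for the authorization server, and two callback implementations. The one that trusts `state` alone files the victim's token under the attacker's account; the one that also requires the completing session to be the initiating account rejects the attack while a legitimate flow still completes. The provider, account names and token format are assumptions.

```python
"""Illustration of the CVE-2026-31944 bug class: an OAuth callback that stores
tokens on whichever account started the flow without checking that the same
user is completing it. Constructed example code, not LibreChat's; the
provider, account names and token format are assumed. FakeProvider stands in
for the real authorization server."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


@dataclass
class FakeProvider:
    """Issues one-time authorization codes and exchanges them for tokens
    belonging to the provider-side identity that authorized."""
    codes: dict[str, str] = field(default_factory=dict)

    def authorize(self, provider_subject: str) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = provider_subject
        return code

    def exchange(self, code: str) -> dict[str, str]:
        subject = self.codes.pop(code)  # one-time use
        return {"access_token": f"tok-{subject}", "subject": subject}


@dataclass
class McpOAuthBroker:
    provider: FakeProvider
    pending: dict[str, str] = field(default_factory=dict)            # state -> initiating user
    tokens: dict[str, dict[str, str]] = field(default_factory=dict)  # app user -> tokens

    def start(self, user: str) -> str:
        """Begins a connection flow for `user`; the returned state is the only
        link between the pending flow and that account."""
        state = secrets.token_urlsafe(24)
        self.pending[state] = user
        return state

    def callback_unchecked(self, state: str, code: str, session_user: str | None) -> str:
        """Vulnerable: trusts `state` alone and ignores who is completing the flow."""
        owner = self.pending.pop(state)
        self.tokens[owner] = self.provider.exchange(code)
        return owner

    def callback_bound(self, state: str, code: str, session_user: str | None) -> str:
        """Fixed: the completing session must be the account that started the
        flow, and an unknown, reused or anonymous completion is rejected
        before any code is exchanged."""
        owner = self.pending.get(state)
        if owner is None or session_user is None or owner != session_user:
            raise PermissionError("OAuth state is not bound to the authenticated user")
        del self.pending[state]
        self.tokens[owner] = self.provider.exchange(code)
        return owner


def run_scenario(use_fix: bool) -> str:
    """Attacker starts a flow on their own account; the victim, logged in as
    themselves, completes it with a code the provider issued for the victim's
    identity. Returns who holds the victim's token, or 'rejected'."""
    provider = FakeProvider()
    broker = McpOAuthBroker(provider)
    state = broker.start("attacker")                      # attacker-initiated flow
    code = provider.authorize("victim@atlassian.example")  # victim authorizes at the provider
    callback = broker.callback_bound if use_fix else broker.callback_unchecked
    try:
        owner = callback(state, code, session_user="victim")
    except PermissionError:
        return "rejected"
    return f"{owner} holds {broker.tokens[owner]['subject']}"


if __name__ == "__main__":
    print("unchecked:", run_scenario(use_fix=False))
    print("bound:    ", run_scenario(use_fix=True))
```

The check is the same one that defends any OAuth callback against login CSRF: `state` must be bound to the session that created it, and the callback must verify that binding before exchanging the code. Treating an unauthenticated completion (`session_user` of `None`) as a failure matters too, since the victim may not be logged in when they follow the attacker's flow.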

Nvidia's GTC will mark an AI chip pivot. Here's why the CPU is taking center stage
news | industry | Mar 13, 2026

Nvidia is shifting focus toward CPUs (central processing units, the main general-purpose chips in computers) alongside its famous GPUs (graphics processing units) because agentic AI (AI systems that autonomously complete tasks by orchestrating multiple agents working together) requires significant general computing power to move data and coordinate workflows. The company is unveiling new CPU details at its GTC conference, with demand from major partners like Meta driving a predicted doubling of the CPU market from $27 billion in 2025 to $60 billion by 2030.

Source: CNBC Technology

GHSA-f38f-5xpm-9r7c: CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
vulnerability | severity: high | security | Mar 13, 2026 | CVE-2026-31899

CairoSVG (a Python library that renders SVG images) has a denial-of-service vulnerability: `<use>` elements (SVG tags that reference and instantiate other graphics elements) can reference each other without any nesting limit, so a small file can trigger exponential CPU work. A 1,411-byte SVG with just 5 levels of nesting and 10 references per level expands to 100,000 render calls, pinning a CPU core at 100% indefinitely.

Fix: Add a recursion depth counter to the `use()` function in `cairosvg/defs.py` (line ~335) and cap it at approximately 10 levels. Additionally, implement a total element budget to prevent amplification attacks.

Source: GitHub Advisory Database
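An added example (not CairoSVG's code) of the amplification and of both mitigations the advisory describes. It builds the 5-level, 10-reference input, walks the tree the way a renderer resolves `<use>` references, counts the draws that result, and shows a nesting cap and a total element budget refusing the same file. The walker only counts; it does not rasterize, and the generated SVG is a constructed input, not the advisory's proof of concept.

```python
"""Illustration of the CairoSVG <use> amplification class and of the two
mitigations in the advisory (a nesting cap and a total element budget).
Constructed example code, not CairoSVG's: it walks SVG with xml.etree and
counts what a renderer would have to draw rather than rasterizing."""
from __future__ import annotations

import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"


class RenderBudgetExceeded(Exception):
    """Raised when the cap on <use> nesting depth or on rendered elements trips."""


def build_amplifier_svg(levels: int, fanout: int) -> str:
    """Constructed attack input: level 0 is one <rect>; each level above it is a
    <g> holding `fanout` <use> references to the level below, and the root
    draws the top level once. Leaf draws grow as fanout ** levels."""
    defs = ['<rect id="l0" width="1" height="1"/>']
    for k in range(1, levels + 1):
        uses = "".join(f'<use href="#l{k - 1}"/>' for _ in range(fanout))
        defs.append(f'<g id="l{k}">{uses}</g>')
    return (f'<svg xmlns="{SVG_NS}" width="1" height="1"><defs>'
            + "".join(defs) + f'</defs><use href="#l{levels}"/></svg>')


def _local_name(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]  # drop the namespace prefix ElementTree adds


def count_leaf_draws(svg_text: str, max_depth: int | None = None,
                     max_elements: int | None = None) -> int:
    """Walks the tree as a renderer would, following <use> references.
    Returns the number of drawable (non-container) elements that would be
    drawn; raises RenderBudgetExceeded if either optional cap is hit."""
    root = ET.fromstring(svg_text)
    by_id = {el.get("id"): el for el in root.iter() if el.get("id")}
    visited = 0
    leaves = 0

    def render(el: ET.Element, use_depth: int) -> None:
        nonlocal visited, leaves
        tag = _local_name(el.tag)
        if tag == "defs":
            return  # <defs> content only renders when referenced
        visited += 1
        if max_elements is not None and visited > max_elements:
            raise RenderBudgetExceeded(f"over {max_elements} elements rendered")
        if tag == "use":
            href = el.get("href") or el.get(XLINK_HREF) or ""
            target = by_id.get(href[1:]) if href.startswith("#") else None
            if target is None:
                return  # dangling reference: nothing to draw
            if max_depth is not None and use_depth + 1 > max_depth:
                raise RenderBudgetExceeded(f"<use> nesting deeper than {max_depth}")
            render(target, use_depth + 1)  # the cap also stops self-referencing cycles
        elif tag in ("svg", "g"):
            for child in el:
                render(child, use_depth)
        else:
            leaves += 1


    render(root, 0)
    return leaves


def exceeds_budget(svg_text: str, **caps: int) -> bool:
    """True when rendering under the given caps would be refused."""
    try:
        count_leaf_draws(svg_text, **caps)
    except RenderBudgetExceeded:
        return True
    return False


if __name__ == "__main__":
    svg = build_amplifier_svg(levels=5, fanout=10)
    print(len(svg.encode()), "bytes ->", count_leaf_draws(svg), "leaf draws")
    print("refused under caps:", exceeds_budget(svg, max_depth=10, max_elements=10_000))
```

Two things the numbers make visible: the 5-by-10 file only nests `<use>` six deep, so a depth cap of about 10 on its own does not stop it, which is why the advisory asks for an element budget as well; and a single self-referencing `<use>` (`<g id="a"><use href="#a"/></g>`) is unbounded with no cap at all, so the depth counter is still needed for cycles and long chains.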

1M context is now generally available for Opus 4.6 and Sonnet 4.6
news | industry | Mar 13, 2026

Anthropic has made 1M context (the ability to process 1 million tokens, which are small units of text that AI models break language into) generally available for its Opus 4.6 and Sonnet 4.6 models at standard pricing, with no additional charge for using the full window. This differs from competitors like OpenAI and Gemini, which charge premium rates when token usage exceeds certain thresholds (200,000 tokens for Gemini 3.1 Pro and 272,000 for GPT-5.4).

Source: Simon Willison's Weblog

The quiz that keeps families connected | Brief letters
news | security | Mar 13, 2026

This content consists of letters to an editor about family quizzes and avoiding AI chatbots. One letter mentions that submitting gibberish to chatbots can circumvent them and quickly connect users to human support staff.

Source: The Guardian Technology

AI agents could easily send college grad unemployment over 30%, ServiceNow CEO says
news | industry, policy | Mar 13, 2026

ServiceNow's CEO warns that AI agents (software programs that can perform tasks independently) automating work could push college graduate unemployment into the mid-30s (percent) within a few years, making it harder for entry-level workers to stand out. Multiple major tech companies are already using AI to cut jobs and reduce hiring costs, affecting both technical roles like coding and white-collar positions across industries.

Source: CNBC Technology

AI Safety Newsletter #69: Department of War, Anthropic, and National Security
news | policy, safety | Mar 13, 2026

The US Department of War designated Anthropic as a 'supply chain risk' (a classification that prevents a company from being used in government contracts) after the company refused to remove safety restrictions on its AI model Claude, specifically rejecting military demands to enable fully autonomous weapons and domestic mass surveillance. Anthropic is challenging this designation in court, and legal experts question whether the Department of War has the authority to impose such restrictions outside of actual contract disputes.

Source: CAIS AI Safety Newsletter

SMInject: Specious Malignant Injection Attacks With Semantically-Enhanced Tokens in Cross-Modal Retrieval
research, peer-reviewed | security, research | Mar 13, 2026

Researchers developed SMInject, a new type of attack that tricks multimodal AI models (systems that process both text and images together) by injecting deceptive instructions that exploit how the different data types relate to each other. The attack is designed to be harder to detect than previous methods and achieves higher success rates while keeping the model's visible behaviour apparently normal.

Source: IEEE Xplore (Security & AI Journals)

MSDT: A Secure Blockchain-Based Multi-Subset Data Trading Protocol With Atomicity and Quality Guarantees
research, peer-reviewed | research | Mar 13, 2026

MSDT is a blockchain-based protocol (a system using distributed ledger technology) designed to let people safely buy and sell data without a trusted middleman. The main challenge it addresses is ensuring that the buyer receives what they paid for and the seller gets paid in the same step (atomicity), while also verifying that the data is actually of good quality. MSDT does this by using state channels (off-chain transactions that reduce costs) for trading contracts and adding a staking mechanism (participants lock up funds as a security deposit) to discourage sellers from behaving dishonestly.

Source: IEEE Xplore (Security & AI Journals)

EBFT: Simplifying BFT Consensus Through Egalitarianism
research, peer-reviewed | security | Mar 13, 2026

EBFT is a new consensus framework for permissioned blockchains (private blockchain networks where participants are known) that improves security by having nodes randomly propose blocks instead of relying on a single leader node. It combines ideas from Nakamoto consensus (the longest-chain rule used in Bitcoin) with classical BFT (Byzantine fault tolerance, a method for systems to reach agreement even when some nodes are faulty or malicious), achieving strong safety guarantees while remaining simple to implement.

Source: IEEE Xplore (Security & AI Journals)

KubeSec: Automatic Detection of Takeover Risks Introduced by Third-Party Apps in the Kubernetes Ecosystem
research, peer-reviewed | security, research | Mar 13, 2026

Third-party applications (TPAs, external software installed into Kubernetes, a container orchestration platform that manages containerized applications) can introduce permissions that let an attacker take over the whole cluster. Researchers created KubeSec, a tool that automatically analyzes these applications to find such weaknesses, discovering 562 insecure RBAC (role-based access control, the permission system in Kubernetes) patterns and 375 vulnerabilities affecting millions of users. The research found that these vulnerabilities take over 10 months on average to fix, highlighting a critical gap in Kubernetes cluster management.

Source: IEEE Xplore (Security & AI Journals)

IIoT Data Sharing: CP-A²BE With Outsourced Decryption and Verifiable Revocation
research, peer-reviewed | security | Mar 13, 2026

This research proposes CP-A²BE, a security system for sharing data in the Industrial Internet of Things (IIoT, connected devices in factories). The system uses ciphertext-policy attribute-based encryption (a method that encrypts data so only users with specific attributes can decrypt it) with three improvements: faster decryption through edge computing (processing at local factory nodes instead of distant servers), privacy protection for device and worker attributes, and a verifiable revocation mechanism (a way to revoke access promptly while proving the operation is legitimate).

Source: IEEE Xplore (Security & AI Journals)

EPRU: Efficient and Privacy-Aware Reputation Update Scheme With a Dual-Threshold Mechanism for Vehicular Platoons
research, peer-reviewed | security | Mar 13, 2026

This paper presents EPRU, a reputation-based authentication system designed to help vehicles in platoons (groups of cars traveling together) communicate securely and trustworthily. Unlike existing systems that only verify message integrity, EPRU also evaluates whether the content of messages is credible by tracking vehicle behavior in real time, using cryptography to protect vehicle identities and feedback data.

Source: IEEE Xplore (Security & AI Journals)

Unveiling Deepfakes: A Frequency-Aware Triple Branch Network for Deepfake Detection
research, peer-reviewed | research, safety | Mar 13, 2026

This research addresses the challenge of detecting deepfakes (synthetic videos or images created by AI to manipulate someone's appearance) by proposing a new detection method called a triple-branch network. The method analyzes images using both spatial features (visual patterns) and frequency features (patterns that emerge when an image is decomposed into its component frequencies), combined with a mutual-information-based objective (mutual information measures how much one variable reveals about another) to improve detection accuracy across different types of forgeries.

Source: IEEE Xplore (Security & AI Journals)

Fraud-RLA: A Reinforcement Learning Adversarial Attack Against Credit Card Fraud Detection
research, peer-reviewed | security, research | Mar 13, 2026

Researchers created Fraud-RLA, an adversarial attack (a method to trick AI systems by finding weaknesses) that uses reinforcement learning (a technique where AI learns by trial and error to maximize rewards) to evade credit card fraud detection systems. The attack is designed to steal the maximum amount of money while requiring less background knowledge about the target system than other attack methods. Tests showed the attack worked effectively against realistic fraud detection systems.

Source: IEEE Xplore (Security & AI Journals)

A Tor-Based Anonymous Network Covert Channel
research, peer-reviewed | security | Mar 13, 2026

This paper describes ANCC, a method for hiding secret communications within the Tor network (an anonymous internet overlay system) by disguising data as normal Tor activity. Unlike previous covert channels, which could expose either the sender or the receiver, ANCC protects the identity of both parties and conceals that they are communicating at all, even against adversaries monitoring many network nodes.

Source: IEEE Xplore (Security & AI Journals)

The Download: how AI is used for military targeting, and the Pentagon’s war on Claude
news | safety, policy | Mar 13, 2026

The US military is considering using generative AI systems (AI models that can create text and analyze data) to help rank military targets and recommend which ones to strike, with human officials making final decisions. The Pentagon is also favoring OpenAI's ChatGPT and xAI's Grok for these high-stakes military applications, while facing criticism from officials who claim that Anthropic's Claude would negatively affect the defense supply chain.

Source: MIT Technology Review

Page 165 of 319