aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6402 items

SeVoAuth: Secure Voiceprint Authentication With Hash-Based Feature Transformation

Research (peer-reviewed) | security, research | Mar 9, 2026

SeVoAuth is a cloud-based voiceprint authentication system (a security method that recognizes users by their unique voice characteristics) designed to protect user privacy while defending against replay attacks (replaying a recorded voice), spoofing (faking a voice), and adversarial attacks (manipulating input to fool the system). The system stores a synthesized version of a user's voice in the cloud and uses hash functions (mathematical functions that transform data into fixed-size codes) to continuously change the verification targets during each login, making it difficult for attackers to reuse old voice recordings or tricks.

IEEE Xplore (Security & AI Journals)
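
The replay defence the summary describes, binding each login to a fresh verification target so a recorded response cannot be reused, can be illustrated with a small challenge-response verifier. This is an added example written for this page, not SeVoAuth's construction: the coarse quantization step, the use of HMAC-SHA256 keyed with the login nonce, and the `VoiceVerifier`/`client_response` names are all assumptions, and the feature vectors are constructed.

```python
# Added illustration (not SeVoAuth's actual construction): a verifier that stores
# a quantized voice-feature template and binds every login to a fresh nonce, so a
# captured response is useless against the next challenge.
import hashlib
import hmac
import secrets
from typing import Dict, Sequence

BIN_WIDTH = 0.5  # assumed quantization step: nearby feature values map to one code


def quantize(features: Sequence[float]) -> bytes:
    """Map each feature to a coarse integer bin so a live sample from the enrolled
    speaker reproduces the enrolled code byte-for-byte (hashes need exact input)."""
    return b",".join(str(round(f / BIN_WIDTH)).encode() for f in features)


def client_response(nonce: bytes, live_features: Sequence[float]) -> bytes:
    """Client side: keyed hash of the quantized live voice features under the
    server's one-time nonce. The raw features never leave the device."""
    return hmac.new(nonce, quantize(live_features), hashlib.sha256).digest()


class VoiceVerifier:
    """Server side. Holds one quantized template per user (stand-in for the
    synthesized voice stored in the cloud) and one outstanding nonce per login."""

    def __init__(self) -> None:
        self._templates: Dict[str, bytes] = {}
        self._pending: Dict[str, bytes] = {}

    def enroll(self, user: str, features: Sequence[float]) -> None:
        self._templates[user] = quantize(features)

    def challenge(self, user: str) -> bytes:
        """Issue a fresh 128-bit nonce; it is the verification target for this login only."""
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        """Accept only a response bound to the currently outstanding nonce.
        The nonce is consumed whether or not verification succeeds."""
        expected_nonce = self._pending.pop(user, None)
        template = self._templates.get(user)
        if expected_nonce is None or template is None:
            return False
        if not hmac.compare_digest(expected_nonce, nonce):
            return False  # stale or forged challenge
        expected = hmac.new(nonce, template, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> Dict[str, bool]:
    """Constructed feature vectors: enrolled speaker, a noisy live sample from the
    same speaker, and an impostor. Returns the outcome of each login attempt."""
    enrolled = [1.2, -0.4, 3.1, 0.7]
    live_genuine = [1.15, -0.38, 3.2, 0.66]
    impostor = [0.1, 0.9, 2.0, -1.5]

    server = VoiceVerifier()
    server.enroll("alice", enrolled)

    # 1. Genuine login: response bound to nonce n1.
    n1 = server.challenge("alice")
    captured = client_response(n1, live_genuine)  # an eavesdropper records this
    genuine = server.verify("alice", n1, captured)

    # 2. Replay of the captured response against a new challenge n2: wrong key.
    n2 = server.challenge("alice")
    replay_new = server.verify("alice", n2, captured)

    # 3. Re-sending the original (n1, response) pair: n1 was consumed in step 1
    #    and n2 in step 2, so no challenge is outstanding.
    replay_same = server.verify("alice", n1, captured)

    # 4. Impostor voice with a valid fresh challenge: template mismatch.
    n3 = server.challenge("alice")
    impostor_ok = server.verify("alice", n3, client_response(n3, impostor))

    return {
        "genuine": genuine,
        "replay_new_challenge": replay_new,
        "replay_same_nonce": replay_same,
        "impostor": impostor_ok,
    }


if __name__ == "__main__":
    print(run_demo())
```

The coarse binning is the weak point of this sketch: a feature sitting on a bin edge flips the code and a genuine speaker is rejected, which is why real cancelable-biometric schemes use error-tolerant transforms rather than plain bins. The point shown is narrower: because the hash is keyed with a single-use nonce, a captured response fails against the next challenge and a resubmitted pair fails because its nonce has already been consumed.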

Your Non-Transferable Learning is Fragile: Practical Breach of Protected Models
Research (peer-reviewed) | security, research | Mar 9, 2026

Researchers developed a new attack called Distribution Drift Learner (DDL) that breaks non-transferable learning (NTL, a method that prevents AI models from being adapted to new tasks in order to protect their intellectual property) by observing only the model's inputs and outputs. The attack manipulates how data is distributed across domains and reconstructs training samples, raising accuracy on protected models from 10% to 81% and exposing serious weaknesses in current model protection strategies.

IEEE Xplore (Security & AI Journals)

Robustness Over Time: Understanding Adversarial Examples’ Effectiveness on Longitudinal Versions of Large Language Models
Research (peer-reviewed) | security, research | Mar 9, 2026

Researchers studied how well successive versions of major LLMs (GPT, Llama, and Qwen) resist adversarial attacks, inputs designed to trick AI systems into making mistakes, ignoring safety guidelines, or producing false information. They found that newer versions of these models do not always become more resistant to such attacks, and that simply making a model larger does not guarantee better security.

IEEE Xplore (Security & AI Journals)

Beyond Guesswork: How to Measure What Makes Cyber Deception Work
Research (peer-reviewed) | security, research | Mar 9, 2026

Cybersecurity uses deception (deliberately creating fake systems or false information to mislead attackers) alongside defense and detection, and generative AI makes convincing decoys easier to produce. There are, however, no well-established methods for measuring how well these deception tactics actually work.

IEEE Xplore (Security & AI Journals)

Learning With Partial and Noisy Correspondence in Graph Matching
Research (peer-reviewed) | research | Mar 9, 2026

This research addresses a problem in graph matching (a technique for finding correspondences between similar structures): training data often contains incomplete or incorrect correspondence information. The authors propose a dual-expert framework in which two optimization formulations for assignment problems (KB-QAP and L-QAP) work together through an align-fuse-refine pipeline to handle both keypoints missing from partial views and errors introduced by mislabeled data.

IEEE Xplore (Security & AI Journals)

Microsoft adds higher-priced Office tier with Copilot as it tries to juice sales with AI
News | industry | Mar 9, 2026

Microsoft is launching a new premium Office subscription tier, Microsoft 365 E7, at $99 per user per month (65% more than the current E5 tier). It bundles Copilot (an AI assistant), identity management tools, and Agent 365 (software for managing AI agents that perform multi-step tasks). The company is packaging these AI features together to increase revenue and push more enterprise customers toward its AI offerings.

CNBC Technology

Secure agentic AI for your Frontier Transformation
News | security, policy | Mar 9, 2026

Microsoft Agent 365 is a unified control plane (a centralized management system) designed to help organizations track, monitor, and secure agentic AI (AI systems that independently take actions to accomplish goals). It addresses security concerns by giving IT and security teams visibility into agent activity so they can govern agents, manage their access permissions, and detect risks such as an agent being compromised or leaking sensitive data.

Fix: Microsoft Agent 365 provides several built-in security measures: Agent Registry creates an inventory of all agents in an organization, accessible through the Microsoft 365 admin center and Microsoft Defender workflows; agent behavior and performance observability provides detailed reports and activity tracking; agent risk signals across Microsoft Defender, Entra (Microsoft's identity management service), and Purview help security teams evaluate and block risky agent actions based on compromise detection and anomalies; security policy templates automate policy enforcement across the organization; and Microsoft Entra capabilities manage agent access permissions so that unmanaged agents cannot accumulate excessive privileges.

Microsoft Security Blog

OpenAI says Codex Security found 11,000 high-impact bugs in a month
News | security, industry | Mar 9, 2026

OpenAI has released Codex Security, an AI tool that automatically finds and fixes vulnerabilities (security flaws) in software code. During its first month of testing it identified over 11,000 high-severity bugs and 792 critical vulnerabilities across more than 1.2 million code commits in proprietary and open-source projects, operating more like a human security researcher than a traditional automated scanner.

Fix: According to the source, Codex Security generates remediation guidance and proposed patches that developers can review and merge into their workflow. The system can also learn from developer feedback on findings to refine its threat model and improve accuracy on subsequent scans. Codex Security is available in research preview starting March 9 to ChatGPT Pro, Enterprise, Business, and Edu customers, with free usage for the next 30 days.

CSO Online

Liverpool and Manchester United complain to X over ‘sickening’ Grok AI posts
News | safety | Mar 9, 2026

Grok, the AI tool on X (formerly Twitter), generated offensive posts about the football clubs Liverpool and Manchester United after users explicitly asked it to create vulgar content about the clubs and the tragic disasters associated with them, such as the Hillsborough stadium tragedy and the Munich air disaster. Grok defended its responses by saying it follows user prompts without added censorship; the posts were subsequently deleted from X. The UK government called the posts sickening and irresponsible, noting that AI services are regulated under the Online Safety Act and must prevent hateful and abusive content.

Fix: In January, Grok switched off its image creation function for the vast majority of users after widespread complaints about its use to create sexually explicit and violent imagery.

The Guardian Technology

How AI firm Anthropic wound up in the Pentagon’s crosshairs
News | policy, safety | Mar 9, 2026

Anthropic, an AI company valued at $350 billion, is at the center of a conflict with the U.S. Department of Defense over its refusal to allow its Claude chatbot to be used for domestic mass surveillance or autonomous weapons systems (military systems that can make lethal decisions without human approval). The Pentagon rejected Anthropic's stance and demanded that companies working with the U.S. government stop doing business with the firm.

The Guardian Technology

OpenAI to acquire Promptfoo
News | security, industry | Mar 9, 2026

OpenAI is acquiring Promptfoo, a security platform that helps companies find and fix vulnerabilities in AI systems before deployment. Promptfoo's testing tools will be integrated into OpenAI Frontier, a platform for building AI coworkers (AI systems designed to work alongside humans), giving enterprises automated security testing, safety checks integrated into their development workflows, and compliance tracking for risks such as prompt injection (hiding instructions in an AI's input), jailbreaks (bypassing safety restrictions), and data leaks.

Fix: The source explicitly mentions that Frontier will include: (1) automated security testing and red-teaming as a native platform feature, to identify and remediate risks such as prompt injection, jailbreaks, data leaks, tool misuse, and out-of-policy agent behavior; (2) security and evaluation integrated into development workflows, to identify, investigate, and remediate agent risks earlier; and (3) integrated reporting and traceability, to document testing, monitor changes over time, and meet governance and compliance requirements.

OpenAI Blog

4 ways to prepare your SOC for agentic AI
News | security, policy | Mar 9, 2026

Agentic AI (autonomous AI agents that perform tasks independently) is becoming mainstream in security operations centers (SOCs), automating tasks such as alert triage and threat investigation. To prepare, organizations must reskill analysts to move from hands-on execution to oversight: supervising AI systems, interrogating their reasoning, acting as adversarial reviewers who catch AI errors, and supplying the organizational context that AI agents need to function effectively.

CSO Online

Camouflage as a Tactic: Why Ransomware Attacks Are Getting More Sophisticated (original title: Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden)
News | security | Mar 9, 2026

Ransomware attackers are shifting from noisy, disruptive tactics to stealthy, long-term infiltration: they hide in networks and steal data to use as blackmail rather than immediately encrypting systems. Attackers increasingly conceal their malicious communications by routing them through legitimate business services such as OpenAI and AWS, and chain multiple vulnerabilities together to maintain persistent access across entire networks.

CSO Online

CVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Vulnerability | security | Mar 8, 2026
CVE-2026-1603 | EPSS: 67.7% | Actively Exploited

Ivanti Endpoint Manager (EPM) has a vulnerability that allows attackers to bypass authentication (skip the normal login checks) through an alternate path or channel, potentially exposing stored credential data (saved login information) without valid credentials. The vulnerability is being actively exploited.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For details, see the vendor's security advisory at https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US

CISA Known Exploited Vulnerabilities

CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
Vulnerability | security | Mar 8, 2026
CVE-2021-22054 | EPSS: 93.7% | Actively Exploited

Omnissa Workspace ONE UEM contains a server-side request forgery (SSRF) vulnerability, a flaw that lets an attacker make the server issue requests on their behalf to reach internal systems. An attacker with network access could exploit it without authentication to send such requests and obtain sensitive information. The vulnerability is being actively exploited.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA Known Exploited Vulnerabilities

CVE-2025-26399: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Vulnerability | security | Mar 8, 2026
CVE-2025-26399 | EPSS: 34.2% | Actively Exploited

SolarWinds Web Help Desk has a deserialization of untrusted data vulnerability (the software reconstructs objects from untrusted input in a way that lets an attacker run code) in its AjaxProxy component, which could allow an attacker to execute commands on the affected host. The vulnerability is being actively exploited.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Refer to the SolarWinds security advisory and the Web Help Desk 12.8.7 Hotfix 1 release notes for specific details.

CISA Known Exploited Vulnerabilities

How AI Assistants are Moving the Security Goalposts
News | security, safety | Mar 8, 2026

AI agents (autonomous programs that can access a user's computer, files, and online services to automate tasks) are gaining popularity among developers and IT workers, but they create new security challenges for organizations. These tools blur the distinction between data and code, and between a trusted employee and an insider threat (someone with internal access who misuses it).

Krebs on Security

Palmer Luckey’s retro gaming startup ModRetro reportedly seeks funding at $1B valuation
News | industry | Mar 8, 2026

ModRetro, Palmer Luckey's retro gaming startup, is seeking funding at a $1 billion valuation and has already released the Chromatic, a Game Boy-style handheld device. The company is also developing other vintage gaming devices, including one modeled after the Nintendo 64.

TechCrunch

Will the Pentagon’s Anthropic controversy scare startups away from defense work?
News | policy, industry | Mar 8, 2026

Anthropic's negotiations with the Pentagon fell through; the company was designated a supply-chain risk (meaning the government views it as unsafe to rely on) and said it would challenge that designation in court, while OpenAI quickly struck its own Pentagon deal, which drew backlash from its users. The episode raises the question of whether other startups will hesitate to pursue government contracts, especially with the Department of Defense. Most defense contractors attract little public attention; these AI companies are highly visible, and their technologies raise specific concerns about involvement in military decision-making.

TechCrunch

AI allows hackers to identify anonymous social media accounts, study finds
News | security, privacy | Mar 8, 2026

Researchers found that large language models (LLMs, AI systems like ChatGPT that predict and generate text) can easily de-anonymize social media users (link anonymous accounts to real identities) by collecting and matching the information they post across platforms. This makes it cheaper and easier for hackers to launch targeted scams, for governments to surveil activists, and for others to misuse personal data that was previously considered anonymous.

Fix: The source explicitly mentions mitigations proposed by researcher Lermen: platforms should restrict data access as a first step by enforcing rate limits on user data downloads, detecting automated scraping, and restricting bulk exports of data. Individual users can also take greater precautions about the information they share online.

The Guardian Technology
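
The platform-side mitigations listed in the Fix above (rate limits on user data downloads, detection of automated scraping, restricted bulk export) can be shown as one request guard. This is an added example written for this page, not code from the study or from any platform: the `profile`/`export` endpoint names, the limits, the "twenty consecutive ids" enumeration heuristic and the traffic are all constructed.

```python
# Added example (not from the study or the platforms discussed): a per-account
# sliding-window rate limit on profile and export endpoints plus a simple
# enumeration heuristic. Endpoint names, limits and traffic are constructed.
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

LIMITS = {"profile": 60, "export": 1}  # assumed: requests allowed per window per account
WINDOW_S = 60.0
ENUM_RUN = 20  # assumed: this many consecutive target ids marks automated enumeration


class ScrapeGuard:
    def __init__(self) -> None:
        # (account, endpoint) -> timestamps of requests served inside the window
        self._hits: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
        # account -> the last ENUM_RUN target ids it fetched
        self._targets: Dict[str, Deque[int]] = defaultdict(lambda: deque(maxlen=ENUM_RUN))

    def check(self, account: str, endpoint: str, target_id: int, now: float) -> str:
        """Return "rate_limited", "flag_enumeration" or "allow" for one request."""
        hits = self._hits[(account, endpoint)]
        while hits and hits[0] <= now - WINDOW_S:  # drop timestamps outside the window
            hits.popleft()
        # Unknown endpoints have a budget of 0 and are denied by default.
        if len(hits) >= LIMITS.get(endpoint, 0):
            return "rate_limited"  # denied requests are not counted against the window
        hits.append(now)

        seen = self._targets[account]
        seen.append(target_id)
        # A human browses unrelated profiles; a scraper walks ids in order.
        if len(seen) == ENUM_RUN and all(b - a == 1 for a, b in zip(seen, list(seen)[1:])):
            return "flag_enumeration"  # served, but the account is marked for review
        return "allow"


def tally(guard: ScrapeGuard, requests: List[Tuple[str, str, int, float]]) -> Dict[str, int]:
    """Run a batch of (account, endpoint, target_id, timestamp) through the guard."""
    counts: Dict[str, int] = defaultdict(int)
    for account, endpoint, target_id, now in requests:
        counts[guard.check(account, endpoint, target_id, now)] += 1
    return dict(counts)


def run_demo() -> Dict[str, Dict[str, int]]:
    """Constructed traffic: a scraper walking sequential profile ids at 2 req/s,
    a person browsing a handful of unrelated profiles, and two export attempts
    inside one window."""
    guard = ScrapeGuard()
    scraper = [("bot-1", "profile", 1000 + i, i * 0.5) for i in range(80)]
    human = [("user-7", "profile", t, 10.0 * k) for k, t in enumerate([4821, 77, 90210, 15, 4821])]
    exports = [("user-7", "export", 0, 100.0), ("user-7", "export", 0, 130.0)]
    return {
        "scraper": tally(guard, scraper),
        "human": tally(guard, human),
        "exports": tally(guard, exports),
    }


if __name__ == "__main__":
    print(run_demo())
```

The scraper is served for its first 19 requests, flagged from the 20th onward once its fetched ids form an unbroken run, and cut off entirely once 60 served requests sit inside the 60-second window; the human account never trips either check, and the second export inside the window is refused. Rate limits alone do not stop a patient scraper that stays under the budget, which is why the enumeration signal is kept separate from the limit.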
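
The ransomware item above (Camouflage as a Tactic) notes that attackers route their malicious communications through legitimate services such as OpenAI and AWS, which defeats destination-reputation blocking. What is left to detect is the shape of the traffic: malware checks in on a timer, people do not. The following is an added example written for this page, not code from the article: it groups proxy-log requests by host, process and destination and reports series whose inter-request gaps are too regular to be human. The log format, the hostnames, the watched domains, the thresholds and the log lines are all constructed.

```python
# Added example (not from the article): flag periodic "beacons" to legitimate
# services in proxy logs. Log format, hosts, thresholds and lines are constructed.
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed proxy log: "<iso-timestamp> <host> <process> <destination> <bytes>".
# WS-0412/updater.exe checks in every ~5 minutes; WS-0077/chrome.exe is a person.
SAMPLE_LOG = """\
2026-03-09T09:00:00 WS-0412 updater.exe api.openai.com 1432
2026-03-09T09:00:10 WS-0077 chrome.exe api.openai.com 5120
2026-03-09T09:00:45 WS-0077 chrome.exe api.openai.com 3100
2026-03-09T09:01:00 WS-0412 updater.exe s3.us-east-1.amazonaws.com 20480
2026-03-09T09:03:12 WS-0077 chrome.exe api.openai.com 7700
2026-03-09T09:05:02 WS-0412 updater.exe api.openai.com 1440
2026-03-09T09:09:58 WS-0412 updater.exe api.openai.com 1431
2026-03-09T09:11:30 WS-0077 chrome.exe api.openai.com 4400
2026-03-09T09:12:05 WS-0077 chrome.exe api.openai.com 2200
2026-03-09T09:15:01 WS-0412 updater.exe api.openai.com 1438
2026-03-09T09:16:00 WS-0412 updater.exe s3.us-east-1.amazonaws.com 20480
2026-03-09T09:20:00 WS-0412 updater.exe api.openai.com 1435
2026-03-09T09:24:59 WS-0412 updater.exe api.openai.com 1433
2026-03-09T09:30:03 WS-0412 updater.exe api.openai.com 1439
2026-03-09T09:31:00 WS-0412 updater.exe s3.us-east-1.amazonaws.com 20480
2026-03-09T09:40:00 WS-0077 chrome.exe api.openai.com 6000
2026-03-09T09:41:00 WS-0099 outlook.exe example.com 900
"""

# Legitimate services the article names as relays; suffix match covers subdomains.
WATCHED_DOMAINS = ("openai.com", "amazonaws.com")
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}


def parse_line(line: str) -> Tuple[datetime, str, str, str, int]:
    ts, host, proc, dest, nbytes = line.split()
    return datetime.fromisoformat(ts), host, proc, dest, int(nbytes)


def is_watched(dest: str) -> bool:
    return any(dest == d or dest.endswith("." + d) for d in WATCHED_DOMAINS)


def find_beacons(log_text: str, min_events: int = 6, max_cv: float = 0.15) -> List[Dict]:
    """Group requests by (host, process, destination); a series with at least
    min_events requests whose inter-request gaps have a coefficient of variation
    (stdev / mean) of at most max_cv is too regular for a human and is reported."""
    series: Dict[Tuple[str, str, str], List[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, _ = parse_line(line)
        if is_watched(dest):
            series[(host, proc, dest)].append(ts)

    findings = []
    for (host, proc, dest), times in series.items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            findings.append({
                "host": host, "process": proc, "destination": dest,
                "events": len(times), "mean_gap_s": round(mean, 1),
                "cv": round(cv, 3),
                # A browser talking to an AI API is expected; a non-browser binary is not.
                "non_browser_process": proc not in BROWSERS,
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

On the constructed log only the updater.exe series to api.openai.com is reported (seven requests, mean gap 300.5 s, coefficient of variation under 0.01); the chrome.exe traffic to the same destination has the same count but irregular gaps, and the three S3 requests fall under the sample minimum. Real beacons add jitter, so the threshold is a tuning knob rather than a constant, and the process name is the second signal to pivot on: an AI API reached from a binary that has no business with it deserves a look regardless of timing.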