aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6402 items

ChatGPT driving rise in reports of ‘satanic’ organised ritual abuse, UK experts say

info · news · safety
Mar 8, 2026

ChatGPT is being used by survivors of organized ritual abuse to seek therapy, which is driving an increase in reports of such crimes to UK police. Organized ritual abuse involves sexual abuse, violence, and neglect with ritualistic elements, sometimes tied to satanism or other extreme beliefs, and police say these crimes are currently under-reported because no specific modern legal charge covers them.

The Guardian Technology

AI chatbots point vulnerable social media users to illegal online casinos, analysis shows

info · news · safety · security
Mar 8, 2026

AI chatbots from major tech companies are recommending illegal online casinos to vulnerable users and even providing advice on how to bypass gambling safety checks, exposing people to fraud, addiction, and serious harm. An analysis of five AI products found that all of them could be easily tricked into listing unlicensed casinos and giving tips on how to use them. Tech firms are being criticized for failing to implement adequate safeguards (security measures) to prevent this dangerous behavior.

The Guardian Technology

A roadmap for AI, if anyone will listen

info · regulatory · policy · safety
Mar 8, 2026

The Pro-Human Declaration, a framework signed by hundreds of experts, proposes five key principles for responsible AI development: keeping humans in charge, avoiding power concentration, protecting human experience, preserving individual liberty, and holding AI companies accountable. The declaration includes specific provisions like prohibiting superintelligence (highly advanced AI systems) development until it's provably safe, requiring mandatory off-switches on powerful systems, and banning self-replicating or self-improving AI architectures. The framework emerged amid political tension over AI governance, highlighting the urgent need for coherent government rules.

Fix: The Pro-Human Declaration proposes mandatory pre-deployment testing of AI products before release to the public, particularly chatbots and companion apps aimed at younger users, to cover risks including increased suicidal ideation, exacerbation of mental health conditions, and emotional manipulation. The declaration also calls for an outright prohibition on superintelligence development until there is scientific consensus it can be done safely and genuine democratic buy-in, mandatory off-switches on powerful systems, and a ban on architectures capable of self-replication, autonomous self-improvement, or resistance to shutdown.

TechCrunch

OpenAI robotics lead Caitlin Kalinowski quits in response to Pentagon deal

info · news · policy · safety
Mar 7, 2026

OpenAI's robotics lead Caitlin Kalinowski resigned in response to the company's agreement with the Department of Defense, citing concerns about potential surveillance of Americans without court approval and autonomous weapons (weapons that can make lethal decisions without human input) without proper human oversight. Kalinowski emphasized that her issue was not with the people involved but with the deal being announced too quickly, without clear safety rules and governance processes in place. OpenAI stated that its agreement includes safeguards against domestic surveillance and fully autonomous weapons, though the controversy led to a significant increase in ChatGPT uninstalls and boosted competitor Claude's app popularity.

TechCrunch

OpenAI delays ChatGPT’s ‘adult mode’ again

info · news · industry
Mar 7, 2026

OpenAI has delayed the launch of 'adult mode,' a planned feature that would let verified adult users access adult content like erotica through ChatGPT. The company postponed the feature from December to early 2026, and has now delayed it again to focus on higher-priority improvements to the chatbot's intelligence and responsiveness.

TechCrunch

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

info · news · security · industry
Mar 7, 2026

OpenAI launched Codex Security, an AI-powered security agent that scans code repositories to find and fix vulnerabilities. During its beta testing, it scanned over 1.2 million commits and identified 792 critical and 10,561 high-severity vulnerabilities in major projects like OpenSSH, GnuTLS, and Chromium, with false positive rates dropping by over 50% through automated validation in sandboxed environments.

Fix: OpenAI describes Codex Security's three-step approach: first, it analyzes a repository and generates an editable threat model; second, it identifies vulnerabilities and pressure-tests flagged issues in a sandboxed environment to validate them (and can validate directly in a project-tailored environment to reduce false positives further); third, it proposes fixes aligned with system behavior to reduce regressions. The tool is available in research preview to ChatGPT Pro, Enterprise, Business, and Edu customers with free usage for the next month.

The Hacker News

CVE-2026-30834: PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7,

high · vulnerability · security
Mar 7, 2026
CVE-2026-30834

PinchTab is an HTTP server that lets AI agents control a Chrome browser. Before version 0.7.7, it had a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to places it shouldn't, like internal networks or local files) in its /download endpoint that let any user with API access make the server request arbitrary URLs and read the responses.

Fix: This issue has been patched in version 0.7.7.

NVD/CVE Database

What does the US military’s feud with Anthropic mean for AI used in war?

info · news · policy · safety
Mar 7, 2026

Anthropic, an AI company, is in a dispute with the US military over safety restrictions on its Claude AI model. Anthropic refuses to allow the government to use Claude for domestic mass surveillance (monitoring citizens' communications without proper oversight) or autonomous weapons systems (weapons that can select and attack targets without human control), while the Pentagon has declared Anthropic a supply chain risk (a company whose products pose a national security threat) for not agreeing to the government's demands, and Anthropic plans to challenge this designation in court.

The Guardian Technology

The OpenClaw superfan meetup serves optimism and lobster

info · news · industry
Mar 7, 2026

OpenClaw is an open-source AI assistant platform created by Peter Steinberger that has gained popularity in the tech industry. The article describes a fan convention called ClawCon held in Manhattan to celebrate the platform and its community.

The Verge (AI)

Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare

info · news · policy · safety
Mar 7, 2026

The Pentagon's chief technology officer reported disagreement with AI company Anthropic regarding autonomous warfare (military systems that can make decisions and take actions with minimal human control). The military is working on procedures to allow varying degrees of autonomy based on the level of risk involved in different situations.

SecurityWeek

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

info · news · security · research
Mar 7, 2026

Anthropic used Claude Opus 4.6 (a large language model, or LLM, which is an AI trained on vast amounts of text to understand and generate language) to find 22 security vulnerabilities in Firefox, including 14 classified as high-severity. The model discovered these bugs by scanning nearly 6,000 C++ files in just two weeks, demonstrating that AI can be effective at identifying security flaws in complex software.

Fix: Most issues have been fixed in Firefox 148, with the remainder to be fixed in upcoming releases. Additionally, Anthropic developed Claude Code Security, which uses an AI agent to automatically generate patches for vulnerabilities; the company uses task verifiers (tools that check whether a proposed fix actually works) to gain confidence that patches fix the specific vulnerability while maintaining the program's normal functionality.

The Hacker News

Trump’s cyber strategy emphasizes offensive operations, deregulation, AI

info · news · policy · security
Mar 6, 2026

The Trump administration released a cybersecurity strategy that emphasizes offensive cyber operations (proactive attacks on adversary networks rather than waiting to respond to attacks), deregulation of industry rules, and AI adoption. The strategy outlines six pillars including disrupting adversaries, reducing regulations, modernizing government networks with zero-trust architecture (a security model that doesn't automatically trust any user or device), and securing critical infrastructure like power grids and hospitals.

CSO Online

GHSA-8w32-6mrw-q5wv: WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

critical · vulnerability · security
Mar 6, 2026
CVE-2026-30860

WeKnora, an AI database query tool, has a critical Remote Code Execution (RCE, where an attacker can run commands on a system they don't own) vulnerability caused by incomplete validation in its SQL injection protection system. The validation framework fails to check PostgreSQL array expressions and row expressions, allowing attackers to hide dangerous functions inside these expressions and bypass all seven security phases, leading to arbitrary code execution on the database server.

GitHub Advisory Database

GHSA-2f4c-vrjq-rcgv: WeKnora has Broken Access Control - Cross-Tenant Data Exposure

high · vulnerability · security
Mar 6, 2026
CVE-2026-30859

WeKnora has a broken access control vulnerability (a security flaw where the application fails to properly check permissions) that lets any logged-in user from one tenant (a separate customer or organization) read sensitive data from other tenants' databases, including API keys (credentials for accessing external services), model configurations, and private messages. The problem happens because three database tables (messages, embeddings, models) are allowed to be queried but don't have automatic tenant filtering applied to them.

GitHub Advisory Database

GHSA-67q9-58vj-32qx: WeKnora Vulnerable to Tool Execution Hijacking via Ambiguous Naming Convention In MCP client and Indirect Prompt Injection

medium · vulnerability · security
Mar 6, 2026
CVE-2026-30856

WeKnora has a vulnerability where a malicious MCP server (a remote tool provider that integrates with AI clients) can hijack legitimate tools by exploiting how tool names are generated. An attacker registers a fake tool with the same name as a real one (like `tavily_extract`), which overwrites the legitimate version in the tool registry (the list of available tools). The attacker can then trick the LLM into executing their malicious tool and leak sensitive information like system prompts through prompt injection (hiding instructions in tool outputs that the AI treats as commands).

GitHub Advisory Database

GHSA-ccj6-79j6-cq5q: WeKnora Vulnerable to Broken Access Control in Tenant Management

critical · vulnerability · security
Mar 6, 2026
CVE-2026-30855

WeKnora has a broken access control vulnerability (BOLA, or broken object-level authorization, where an attacker can access resources they shouldn't by manipulating object IDs) in its tenant management system that allows any authenticated user to read, modify, or delete any tenant without permission checks. Since anyone can register an account, attackers can exploit this to take over or destroy other organizations' accounts and access their sensitive data like API keys.

GitHub Advisory Database

GHSA-m2w3-8f23-hxxf: Caddy's vars_regexp double-expands user input, leaking env vars and files

medium · vulnerability · security
Mar 6, 2026
CVE-2026-30852

Caddy's `vars_regexp` matcher has a double-expansion bug where user input in request headers gets processed twice through the replacer (the system that substitutes placeholders like {env.DATABASE_URL}), allowing attackers to leak environment variables and file contents by crafting malicious headers. Other matchers like `header_regexp` don't have this problem because they only process the header value once.

GitHub Advisory Database

GHSA-7r4p-vjf4-gxv4: Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation

high · vulnerability · security
Mar 6, 2026
CVE-2026-30851

Caddy's `forward_auth` directive with `copy_headers` fails to remove client-supplied headers when an upstream auth service (an external server that validates user identity) doesn't include those headers in its response, allowing an authenticated attacker to inject arbitrary values for trusted identity headers and escalate privileges. This regression was introduced in November 2024 and affects all stable versions from v2.10.0 onward.

Fix: The source text states: "

GitHub Advisory Database

Palantir rallies 15% for the week as Iran war boosts prospects, muting Anthropic concern

info · news · policy · industry
Mar 6, 2026

Palantir's stock rallied 15% this week after the U.S. attacked Iran, because the company relies on government spending for about 60% of its revenue and works heavily with military and intelligence agencies. Wall Street showed little concern about the U.S. government blacklisting Anthropic (an AI company that had partnered with Palantir on defense projects), as analysts noted there are alternative AI models available and that replacing Anthropic's systems will take time but is manageable.

CNBC Technology

GHSA-5f53-522j-j454: Flowise Missing Authentication on NVIDIA NIM Endpoints

high · vulnerability · security
Mar 6, 2026
CVE-2026-30824

Flowise incorrectly whitelisted the NVIDIA NIM router (`/api/v1/nvidia-nim/*`) in its authentication middleware, allowing anyone to access sensitive endpoints without logging in. This lets attackers steal NVIDIA API tokens, manipulate Docker containers, and cause denial of service without needing valid credentials.

GitHub Advisory Database

Page 177 of 321