aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6402 items

GHSA-cwc3-p92j-g7qm: Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration

Tags: high, vulnerability, security
Mar 6, 2026
CVE-2026-30823

Flowise has a critical IDOR (insecure direct object reference, a flaw where an app trusts user input to identify which data to access without checking permissions) vulnerability in its login configuration endpoint. An attacker with a free account can modify any organization's single sign-on settings by simply specifying a different organization ID, enabling account takeover by redirecting logins to attacker-controlled credentials and bypassing enterprise license restrictions.

GitHub Advisory Database
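The control that closes this class of bug is object-level authorization: the organization whose settings are modified must be derived from the caller's session, not from an identifier in the request. The following is an added example written for this page, not Flowise's code; the endpoint shape (an update with `organizationId` in the body), the field names and the admin role model are assumptions for illustration.

```javascript
// Added example, not Flowise code: object-level authorization for a
// per-organization SSO configuration update. Endpoint shape, field names
// and the role model are assumptions for illustration.

// Constructed sample store: two tenants, each with its own SSO settings and
// its own admin. Returned fresh so every caller starts from known state.
function makeOrgs() {
  return new Map([
    ['org-a', { ssoProvider: 'okta', issuerUrl: 'https://a.example/okta', admins: new Set(['alice']) }],
    ['org-b', { ssoProvider: 'none', issuerUrl: null, admins: new Set(['mallory']) }],
  ]);
}

// Settings a tenant admin may change. Nothing else in the body is copied.
const EDITABLE = ['ssoProvider', 'issuerUrl'];

function applyPatch(org, body) {
  for (const k of EDITABLE) if (Object.hasOwn(body, k)) org[k] = body[k];
}

// Vulnerable shape: the row is selected by the id the client sent, and the
// only check is "is there a session at all". mallory, admin of her own free
// org-b, can point org-a's logins at an identity provider she controls.
function updateSsoConfigVulnerable(orgs, session, body) {
  if (!session) return { status: 401 };
  const org = orgs.get(body.organizationId);
  if (!org) return { status: 404 };
  applyPatch(org, body);
  return { status: 200, organizationId: body.organizationId };
}

// Hardened shape: the target row comes from the session, the caller must be
// an admin of that org, and a client-supplied id that points anywhere else
// is refused outright (and is worth logging: it is an attack signal).
function updateSsoConfigSafe(orgs, session, body) {
  if (!session) return { status: 401 };
  const orgId = session.organizationId;
  const org = orgs.get(orgId);
  if (!org || !org.admins.has(session.userId)) return { status: 403 };
  if (Object.hasOwn(body, 'organizationId') && body.organizationId !== orgId) {
    return { status: 403, reason: 'cross-tenant reference' };
  }
  applyPatch(org, body);
  return { status: 200, organizationId: orgId };
}

// Usage: the same cross-tenant request through both handlers.
const mallory = { userId: 'mallory', organizationId: 'org-b' };
const hijack = { organizationId: 'org-a', ssoProvider: 'oidc', issuerUrl: 'https://evil.example/oidc' };

function demo() {
  const before = makeOrgs();
  const r1 = updateSsoConfigVulnerable(before, mallory, hijack);
  const after = makeOrgs();
  const r2 = updateSsoConfigSafe(after, mallory, hijack);
  return {
    vulnerable: [r1.status, before.get('org-a').issuerUrl], // 200, attacker's issuer
    safe: [r2.status, after.get('org-a').issuerUrl],        // 403, unchanged
  };
}
```

Note that the hardened handler does not "fix up" a mismatching `organizationId` by silently substituting the session's value: a request that names another tenant is rejected, because the mismatch is itself evidence of probing and should surface in logs.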

GHSA-mq4r-h2gh-qv7x: Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
Tags: high, vulnerability, security
Mar 6, 2026
CVE-2026-30822

A mass assignment vulnerability (where an attacker sets internal fields simply by including them in a request) exists in Flowise's `/api/v1/leads` endpoint, allowing unauthenticated users to override auto-generated fields such as `id`, `createdDate`, and `chatId` by placing them in the request body. The flaw exists because the code uses `Object.assign()` to copy every property from user input directly onto the database entity without filtering, bypassing the intended server-side generation of these fields.

Source: GitHub Advisory Database
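The pattern the advisory describes, beside the usual fix (an explicit allowlist of client-editable fields), as an added example written for this page rather than Flowise's own code. The client-editable field names (`name`, `email`, `phone`, `chatflowid`) are assumptions; `id`, `chatId` and `createdDate` are the server-owned fields the advisory names.

```javascript
// Added example, not Flowise code: blanket Object.assign beside an allowlist.
// Client-editable field names are assumptions for illustration.

let seq = 0;
const newId = () => `lead-${++seq}`; // stand-in for the DB-generated UUID

// Entity roughly as an ORM would declare it. The server-owned fields are set
// here, and that is exactly what a blanket Object.assign later overwrites.
class Lead {
  constructor(ctx) {
    this.id = newId();
    this.chatId = ctx.chatId;      // bound to the caller's chat session
    this.createdDate = ctx.now;    // server clock, injected so results are checkable
    this.name = null;
    this.email = null;
    this.phone = null;
    this.chatflowid = null;
  }
}

// Vulnerable: every key in the body lands on the entity, including id,
// chatId and createdDate, and even keys the entity never declared.
function createLeadVulnerable(body, ctx) {
  const lead = new Lead(ctx);
  Object.assign(lead, body);
  return lead;
}

// Hardened: copy only the fields a client is meant to supply, and only when
// they have the expected type. Everything else in the body is ignored
// (returning 400 on unknown keys is a stricter, louder alternative).
const CLIENT_FIELDS = ['name', 'email', 'phone', 'chatflowid'];

function createLeadSafe(body, ctx) {
  const lead = new Lead(ctx);
  for (const k of CLIENT_FIELDS) {
    if (Object.hasOwn(body, k) && typeof body[k] === 'string') lead[k] = body[k];
  }
  return lead;
}

// Constructed request body: a lead that also tries to choose its own id,
// attach itself to another user's chat, backdate itself and grant a flag.
const hostileBody = {
  name: 'Eve',
  email: 'eve@example.test',
  id: 'lead-0001',
  chatId: 'victim-chat',
  createdDate: '1999-01-01T00:00:00.000Z',
  isAdmin: true,
};
const requestCtx = { chatId: 'eve-chat', now: '2026-03-06T00:00:00.000Z' };
```

The allowlist is the important half: a denylist of "known dangerous" keys (`id`, `createdDate`, ...) breaks the next time a column is added to the entity, whereas an allowlist fails closed.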

Mayor Sadiq Khan invites embattled AI firm Anthropic to expand in London
Tags: info, news, policy
Mar 6, 2026

London Mayor Sadiq Khan invited AI company Anthropic to expand in the city after the U.S. Pentagon designated it a supply chain risk (a label meaning the government views the company as not secure enough to work with). The designation followed Anthropic's refusal to give defense agencies unrestricted access to its AI tools and its stated concerns about using its Claude model for mass surveillance or autonomous military targeting. The company plans to challenge the designation in court, and Microsoft announced it would continue using Anthropic's technology for everything except U.S. Department of Defense work.

Source: BBC Technology

CVE-2026-29791: Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment
Tags: medium, vulnerability, security
Mar 6, 2026
CVE-2026-29791

Agentgateway is an open source data plane (the software layer that carries traffic between AI agents and their tools across different frameworks). In versions before 0.12.0, user input in paths, query parameters, and headers was not properly sanitized when tool requests were converted to OpenAPI calls. The weakness is classed as improper input validation (CWE-20, failing to check that data matches the expected rules) and has been patched.

Fix: This issue has been patched in version 0.12.0. Update Agentgateway to version 0.12.0 or later to resolve the vulnerability.

Source: NVD/CVE Database

Amazon says Anthropic’s Claude still OK for AWS customers to use outside defense work
Tags: info, regulatory, policy, industry
Mar 6, 2026

Amazon announced that AWS customers can continue using Anthropic's Claude AI models for all work except Department of Defense projects, after the federal government labeled Anthropic a "supply chain risk." Anthropic says it will challenge this designation in court, and the major cloud providers (Amazon, Microsoft, and Google) are helping customers transition to alternative AI models for defense-related work.

Source: CNBC Technology

Google joins Microsoft in telling users Anthropic is still available outside defense projects
Tags: info, regulatory, policy, industry
Mar 6, 2026

Google and Microsoft announced they will continue offering Anthropic's Claude AI models to their cloud customers for non-defense work, after the U.S. Defense Department designated Anthropic as a supply chain risk (a company that poses potential security or operational threats to government operations). The announcements came after the Trump administration instructed federal agencies to stop using Anthropic's technology, but the companies determined that non-defense projects are still permitted under this designation.

Source: CNBC Technology

Microsoft, Google, Amazon say Anthropic Claude remains available to non-defense customers
Tags: info, regulatory, policy
Mar 6, 2026

The U.S. Department of Defense designated Anthropic (maker of Claude AI) as a supply-chain risk after the company refused to provide unrestricted access for military applications like mass surveillance and autonomous weapons. Microsoft, Google, and AWS confirmed that Claude will remain available to non-defense customers through their platforms; the designation restricts only direct Department of Defense use, not broader commercial applications.

Source: TechCrunch

Is the Pentagon allowed to surveil Americans with AI?
Tags: info, news, policy, security
Mar 6, 2026

The Pentagon and AI companies are in a dispute over whether existing U.S. law allows the government to use AI to analyze bulk commercial data collected from Americans for surveillance purposes. Legal experts point out that current law has a major gap: public information, commercial data (like location and browsing records), and information incidentally collected during foreign surveillance are not legally considered "surveillance," so the government can use them without warrants or court orders, even as AI makes this kind of analysis far more powerful than before.

Source: MIT Technology Review

The AI Doc is an overwrought hype piece for doomers and accelerationists alike
Tags: info, news, industry
Mar 6, 2026

The article discusses how generative AI (AI systems that can create new text, images, or other content) is being rapidly integrated into many areas of life, while both supporters and critics use exaggerated language that makes it hard to understand what AI actually does and how it works. A documentary called 'The AI Doc' attempts to clarify the current state of AI development by examining perspectives from both optimistic and pessimistic viewpoints.

Source: The Verge (AI)

Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
Tags: info, news, security, research
Mar 6, 2026

Anthropic used Claude Opus 4.6 (an advanced AI model) to test Firefox's code and discovered 22 vulnerabilities, including 14 severe ones, over two weeks. Most of these bugs have already been fixed in Firefox 148, released in February, though some fixes will come in a later update. The AI was much better at finding security problems than at creating working exploits to demonstrate them.

Fix: Most vulnerabilities have been fixed in Firefox 148 (released February). A few remaining fixes will be addressed in the next release.

Source: TechCrunch (Security)

GHSA-j8g8-j7fc-43v6: Flowise has Arbitrary File Upload via MIME Spoofing
Tags: high, vulnerability, security
Mar 6, 2026
CVE-2026-30821

Flowise has a file upload vulnerability: the server validates only the client-supplied `Content-Type` header rather than the file's actual contents, so the declared MIME type can be spoofed (claiming a file is one type when it is actually another). Because the upload endpoint is whitelisted (reachable without authentication), an attacker can upload malicious files by declaring them to be a permitted type such as PDF, leading to stored attacks or remote code execution (RCE, running attacker-chosen commands on the server).

Source: GitHub Advisory Database

GHSA-wvhq-wp8g-c7vq: Flowise has Authorization Bypass via Spoofed x-request-from Header
Tags: high, vulnerability, security
Mar 6, 2026
CVE-2026-30820

Flowise has a critical authorization bypass flaw in its `/api/v1` routes: the middleware trusts any request carrying the header `x-request-from: internal`, even though any client can set that header. This allows a low-privilege authenticated tenant (someone with a valid browser cookie) to call internal administration endpoints, such as API key creation and credential management, without proper permission checks, effectively escalating their privileges.

Source: GitHub Advisory Database

The 2025 SIM IT Issues and Trends Study
Tags: info, research, peer-reviewed, industry
Mar 6, 2026

A 2025 survey of 704 IT executives found that AI is now the top concern for IT management, ahead of cybersecurity and aligning IT with business goals. While most organizations are increasing IT salaries (90.5%), fewer are hiring new IT staff (54.2%), and cost control has dropped as a priority for measuring how well IT leaders perform.

Source: AIS eLibrary (Journal of AIS, CAIS, etc.)

The Evolution of AI Compliance Assistance from Reactive Support to Co-Agency
Tags: info, research, peer-reviewed, policy, safety
Mar 6, 2026

A banking group implemented a retrieval-augmented AI-powered compliance assistant (a system where the AI pulls in external compliance documents to answer questions) to help with regulatory requirements while maintaining human oversight. The article identifies key challenges with this approach, including authority illusion (over-trusting the AI's answers), unclear responsibility for decisions, loss of human judgment about context, and gaps in understanding how the system works, then proposes a four-phase framework to help organizations move from passive AI assistants toward systems where AI and humans reason together.

Source: AIS eLibrary (Journal of AIS, CAIS, etc.)

Anthropic’s Pentagon deal is a cautionary tale for startups chasing federal contracts
Tags: info, news, policy, industry
Mar 6, 2026

Anthropic and the Pentagon failed to agree on how much control the military should have over Anthropic's AI models, particularly regarding use in autonomous weapons and mass surveillance, causing a $200 million contract to fall apart and leading the Pentagon to designate Anthropic a supply-chain risk (a category indicating potential security or reliability concerns). The Department of Defense then turned to OpenAI instead, which accepted the contract, though this decision led to a significant surge in ChatGPT uninstalls. The situation raises an important question about balancing national security needs with responsible AI deployment.

Source: TechCrunch

Claude’s consumer growth surge continues after Pentagon deal debacle
Tags: info, news, industry
Mar 6, 2026

Claude, an AI chatbot made by Anthropic, is gaining users rapidly on mobile devices after the company's leadership refused to let the Pentagon use it for mass surveillance or autonomous weapons. Claude's daily active users on phones reached 11.3 million in early March, up 183% since the start of the year, and the app became the top-ranked app in the U.S. and 15 other countries, with over 1 million new sign-ups per day.

Source: TechCrunch

The Guardian view on AI in war: the Iran conflict shows that the paradigm shift has already begun
Tags: info, news, policy, safety
Mar 6, 2026

The UN and AI companies are debating who should control how artificial intelligence is used in military contexts, especially after the US military's use of AI in the Iran crisis. AI company Anthropic refused to remove safeguards (safety features built into its AI) that prevent the US Department of Defense from using its technology for mass surveillance or autonomous lethal weapons (weapons that can select and fire at targets without human control), while OpenAI later agreed to work with the Pentagon despite similar concerns. The article emphasizes that decisions about military AI use raise urgent questions about democratic oversight and international controls, rather than leaving these choices solely to companies or governments.

Source: The Guardian Technology

Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short
Tags: info, news, security, policy
Mar 6, 2026

CISOs (chief information security officers, the executives responsible for an organization's cybersecurity) and corporate boards spend only about 30 minutes per quarter discussing cyber risk, and these conversations lack depth and strategic engagement. The report found that while 95% of CISOs report to their boards regularly, most discussions are brief check-ins rather than collaborative problem-solving, and boards want better insight into emerging threats such as AI-driven attacks (attacks powered by artificial intelligence).

Source: CSO Online

Anthropic and the Pentagon
Tags: info, news, policy, industry
Mar 6, 2026

Anthropic and other major AI companies are competing in a market where their AI models have similar performance levels, with only small quality improvements appearing every few months. In this competitive environment, Anthropic is trying to stand out by branding itself as the most ethical and trustworthy AI provider, which gives it value with both individual users and large organizations.

Source: Simon Willison's Weblog

Anthropic and the Pentagon
Tags: info, news, policy, industry
Mar 6, 2026

Anthropic lost a US Department of Defense contract after refusing to let the Pentagon use its AI models for mass surveillance or fully autonomous weapons (systems that make kill decisions without human input), while OpenAI secured the contract by agreeing to provide AI for classified government systems. The article argues this outcome may benefit Anthropic by reinforcing its brand as a trustworthy, ethical AI provider in a competitive market where different AI models perform similarly.

Source: Schneier on Security

Page 178 of 321
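The two Flowise advisories above on MIME spoofing (GHSA-j8g8-j7fc-43v6) and the spoofed `x-request-from` header (GHSA-wvhq-wp8g-c7vq) share a root cause: a client-supplied header was treated as a statement of fact. The following is an added example written for this page, not Flowise's code, showing both the header-trusting checks and what to examine instead. Route handling is reduced to plain functions; the allowed upload types, the internal-service token and the header name `x-internal-token` are assumptions for illustration.

```javascript
// Added example, not Flowise code: client-controlled headers beside the
// checks that do not depend on them. Types, token and header names assumed.

// Content-Type says what the client claims; the first bytes say what it is.
const MAGIC = [
  { type: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46] }, // "%PDF"
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47] },
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
];
const ALLOWED_UPLOAD_TYPES = new Set(MAGIC.map((m) => m.type));

function mediaType(headers) {
  return (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
}

function sniffType(buf) {
  for (const m of MAGIC) {
    if (buf.length >= m.bytes.length && m.bytes.every((b, i) => buf[i] === b)) return m.type;
  }
  return null;
}

// Vulnerable: the header alone decides, so HTML labelled as PDF is accepted.
function acceptUploadVulnerable(headers, buf) {
  return ALLOWED_UPLOAD_TYPES.has(mediaType(headers));
}

// Hardened: the bytes decide, and a header that disagrees is a reason to
// reject rather than to believe either side. The file is then stored under a
// server-chosen name and served with the sniffed type, not the claimed one.
function acceptUploadSafe(headers, buf) {
  const claimed = mediaType(headers);
  const actual = sniffType(buf);
  if (actual === null) return { ok: false, reason: 'unrecognised or disallowed content' };
  if (claimed !== actual) return { ok: false, reason: `header says ${claimed || '(none)'}, content is ${actual}` };
  return { ok: true, type: actual };
}

// Vulnerable: an inbound header is attacker-controlled, so this is no check.
function isInternalVulnerable(headers) {
  return headers['x-request-from'] === 'internal';
}

// Hardened: internal callers present a secret that a browser session never
// holds, compared without an early exit on the first differing byte.
function equalConstantTime(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) diff |= (x[i] || 0) ^ (y[i] || 0);
  return diff === 0;
}

const INTERNAL_TOKEN = 'assumed-service-token-from-config'; // assumption: loaded from a secret store

function isInternalSafe(headers) {
  const presented = headers['x-internal-token'];
  return typeof presented === 'string' && equalConstantTime(presented, INTERNAL_TOKEN);
}

// Belt and braces: drop the spoofable header at ingress so that any legacy
// code path still keyed on it can never be reached from outside.
function stripSpoofableHeaders(headers) {
  const { 'x-request-from': _dropped, ...rest } = headers;
  return rest;
}

// Constructed inputs: HTML disguised as a PDF, and a real PDF prefix.
const htmlAsPdf = Buffer.from('<html><script>alert(1)</script></html>');
const realPdf = Buffer.from('%PDF-1.7\n%comment\n1 0 obj\n');
```

Magic-byte sniffing is a floor, not a ceiling: a polyglot file can begin with `%PDF` and still carry an HTML or script payload, so uploads should also be stored outside any executable or web-served path, renamed by the server, and delivered with `X-Content-Type-Options: nosniff`. For the internal-caller check, a shared token is the minimal fix; binding internal routes to a separate listener (loopback or a Unix socket) that external traffic cannot reach removes the header question entirely.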