aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6409 items

GHSA-943q-mwmv-hhvh: OpenClaw: Gateway /tools/invoke tool escalation + ACP permission auto-approval
high | vulnerability | security | Mar 2, 2026

OpenClaw Gateway had two security flaws that could let an attacker with a valid token escalate their access: the HTTP endpoint (`POST /tools/invoke`, a web interface for running tools) didn't block dangerous tools like session spawning by default, and the permission system could auto-approve risky operations without enough user confirmation. Together, these could allow an attacker to execute commands or control sessions if they reach the Gateway.

Fix: Update to OpenClaw version 2026.2.14 or later. The fix includes: denying high-risk tools over HTTP by default (with configuration overrides available via `gateway.tools.{allow,deny}`), requiring explicit prompts for any non-read/search permissions in the ACP (access control permission) system, adding security warnings when high-risk tools are re-enabled, and making permission matching stricter to prevent accidental auto-approvals. Additionally, keep the Gateway loopback-only (only accessible locally) by setting `gateway.bind="loopback"` or using `openclaw gateway run --bind loopback`, and avoid exposing it directly to the internet without using an SSH tunnel or Tailscale.

Source: GitHub Advisory Database

Stripe wants to turn your AI costs into a profit center
info | news | industry | Mar 2, 2026

Stripe released a preview feature that helps AI startups automatically bill their customers for AI model usage (tokens, which are units of text that AI models process) and add a profit margin on top of the underlying costs. For example, a startup can charge customers 30% more than what it pays to access models from providers like OpenAI or Google, with Stripe automating the tracking and billing process across multiple AI models and third-party gateways.

Source: TechCrunch

No one has a good plan for how AI companies should work with the government
info | news | policy | Mar 2, 2026

OpenAI won a Pentagon contract that Anthropic refused, sparking public backlash over concerns about the company's involvement in mass surveillance and automated weaponry. The situation highlights that as AI companies become part of national security infrastructure, neither the companies nor the government appear ready to manage the ethical and policy challenges this creates, particularly around who should have power over these decisions.

Source: TechCrunch

Critical OpenClaw Vulnerability Exposes AI Agent Risks
info | news | security | Mar 2, 2026

A critical vulnerability in OpenClaw, a popular AI tool used by developers, has been discovered and patched. The flaw is part of a pattern of security problems affecting this rapidly adopted AI agent (a software system that can perform tasks autonomously).

Fix: The vulnerability has been patched. No specific version number or patching instructions are provided in the source text.

Source: Dark Reading

GHSA-jq4x-98m3-ggq6: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
high | vulnerability | security | Mar 2, 2026

OpenClaw's canvas tool contains a path traversal vulnerability (a security flaw that allows reading files outside intended directories) in its `a2ui_push` action. An authenticated attacker can supply any filesystem path to the `jsonlPath` parameter, and the gateway reads the file without validation and forwards its contents to connected nodes, potentially exposing sensitive files like credentials or SSH keys.

Source: GitHub Advisory Database

Anthropic upgrades Claude's memory to attract AI switchers
info | news | industry | Mar 2, 2026

Anthropic has updated Claude to make switching from other AI chatbots easier by adding memory features to the free plan and creating tools to import user data from competitors like ChatGPT and Gemini. These updates let users transfer the context and conversation history their previous AI already knows about them, so they don't have to re-teach Claude the same information.

Source: The Verge (AI)

GHSA-vmwq-8g8c-jm79: OpenChatBI has a Path Traversal Vulnerability in save_report Tool
high | vulnerability | security | Mar 2, 2026

OpenChatBI has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its save_report tool because it doesn't properly validate the file_format parameter, allowing attackers to use sequences like '/../' to write files to arbitrary locations and potentially execute malicious code.

Fix: Upgrade to version 0.2.2 or later, which includes the fix from PR #12.

Source: GitHub Advisory Database

CVE-2026-2256: A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker t
medium | vulnerability | security | Mar 2, 2026 | CVE-2026-2256

CVE-2026-2256 is a command injection vulnerability (a flaw where an attacker tricks a program into running unwanted operating system commands) in ModelScope's ms-agent software versions v1.6.0rc1 and earlier. An attacker can exploit this by sending specially crafted prompts to execute arbitrary commands on the affected system.

Source: NVD/CVE Database

Anthropic's AI model Claude gets popularity boost after US military feud
info | news | industry | Mar 2, 2026

Claude, an AI model made by Anthropic, became more popular after the Pentagon rejected it due to ethics concerns and chose OpenAI's ChatGPT instead for classified military networks. Claude reached the top spot on Apple's US app store chart shortly after this decision, showing that public interest in the model increased following the dispute with the military.

Source: The Guardian Technology

Apple might use Google servers to store data for its upgraded AI Siri
info | news | industry | Mar 2, 2026

Apple is exploring using Google's servers to store data for an upgraded version of Siri that runs on Google's Gemini AI models (a large language model created by Google). This represents a deeper partnership between Apple and Google than previously announced, as Apple works to catch up in AI capabilities while maintaining its privacy standards.

Source: The Verge (AI)

Users are ditching ChatGPT for Claude. Here's how to make the switch
info | news | industry | Mar 2, 2026

Many users are switching from ChatGPT to Claude, an AI assistant made by Anthropic, following controversies over OpenAI's partnership with the Pentagon for potential military use. Claude has surged in popularity, with the company reporting record sign-ups and a 60% jump in free users since January. The article provides a guide for switching, including how to export your ChatGPT data, import it into Claude, and permanently delete your ChatGPT account.

Fix: To transfer your data from ChatGPT to Claude: (1) In ChatGPT Settings, go to Personalization > Memory > Manage to review and copy your stored preferences, or go to Settings > Data Controls > Export Data to download your chat history as text or JSON files. (2) In Claude, go to Settings > Capabilities and turn on Memory. (3) Start a new conversation and paste your information using a prompt like 'Here's some important context I'd like you to remember. Update your memory about me with this.' or ask Claude to 'Review this and summarize my key preferences' for exported chat files. (4) To delete your ChatGPT account completely: go to Settings > Personalization > Memory and delete stored memory, type 'Delete all my memory and personalized data' in a final chat command, then navigate to account management settings to delete your account entirely.

Source: TechCrunch

OpenAI's "compromise" with the Pentagon is what Anthropic feared
info | news | policy, security | Mar 2, 2026

OpenAI announced a deal allowing the US military to use its AI technology in classified settings, claiming it includes protections against autonomous weapons and mass surveillance, unlike Anthropic's rejected negotiations. However, legal experts note that OpenAI's agreement relies on the assumption that the government will follow existing laws and policies, rather than giving the Pentagon explicit prohibitions like Anthropic had proposed, meaning the military can still use the technology for any lawful purpose.

Source: MIT Technology Review

Tech workers urge DOD, Congress to withdraw Anthropic label as a supply-chain risk
info | regulatory | policy, industry | Mar 2, 2026

The Department of Defense has designated Anthropic (an AI company) as a "supply-chain risk" after the company refused to give the military unrestricted access to its AI systems, specifically declining to allow mass surveillance of Americans or autonomous weapons that can fire without human oversight. Hundreds of tech workers from major firms have signed an open letter opposing this designation, arguing it punishes the company for declining a contract and sets a dangerous precedent that could force other companies to accept government demands or face retaliation. The designation is not yet final, as the government must complete a risk assessment and notify Congress before it takes effect, and Anthropic says it will challenge the designation in court.

Source: TechCrunch

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
high | news | security | Mar 2, 2026

Google Chrome had a security flaw (CVE-2026-0628, a CVSS score of 8.8, which measures vulnerability severity from 0-10) that allowed malicious browser extensions to gain unauthorized access to the Gemini Live panel, a built-in AI assistant, and perform privileged actions like accessing cameras, microphones, and local files. The vulnerability was caused by insufficient policy enforcement in the WebView tag (a component that displays web content), which let attackers inject malicious code into pages that should have been protected.

Fix: Google patched the vulnerability in Chrome version 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux in early January 2026.

Source: The Hacker News

Nvidia's spending $4 billion on photonics to stay ahead of the curve in AI
info | news | industry | Mar 2, 2026

Nvidia is investing $4 billion total ($2 billion each) into two companies, Lumentum and Coherent, that develop photonics technology (devices like optical transceivers and lasers that move data using light). These technologies could make AI data centers more energy-efficient and allow faster data transfer between components, building on Nvidia's previous acquisition of Mellanox to strengthen its networking capabilities.

Source: The Verge (AI)

Anthropic's Claude sees 'elevated errors' as it tops Apple's free apps after Pentagon clash
info | news | industry | Mar 2, 2026

Anthropic's Claude AI experienced elevated errors and degraded performance on Monday, particularly affecting Claude Opus 4.6 (the latest version of their AI model). The company identified the issues and worked on fixes, with some problems on claude.ai and related services being resolved.

Fix: According to the status updates mentioned: a fix for the Claude Opus 4.6 issue was 'in the works' as of 10:49 a.m. ET, and issues on claude.ai, console, and claude code were reported as 'resolved' as of 10:47 a.m. ET.

Source: CNBC Technology

Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant
high | news | security | Mar 2, 2026

A security flaw in Chrome's Gemini Live feature (Google's AI assistant) could allow malicious browser extensions (add-ons that modify Chrome's behavior) to take control of the AI tool, spy on users, and steal their files. The vulnerability created a serious risk for anyone using this feature with untrusted extensions installed.

Source: SecurityWeek

How Deepfakes and Injection Attacks Are Breaking Identity Verification
info | news | security, safety | Mar 2, 2026

Deepfakes and injection attacks (where attackers substitute fake video or audio into a system's input stream) are increasingly being used to bypass identity verification systems in critical moments like bank account opening, remote hiring, and account recovery. Traditional deepfake detection alone is insufficient because attackers can either create high-quality synthetic media or completely bypass the camera sensor using injection attacks, so organizations need to validate entire identity sessions end-to-end, including device integrity and user behavior signals, rather than just checking whether a face looks real.

Source: BleepingComputer

Nvidia to invest $4 billion in two photonics companies
info | news | industry | Mar 2, 2026

Nvidia is investing $4 billion total ($2 billion each) in two U.S. companies, Lumentum and Coherent, that develop photonics technologies (systems using light for sensing and data transfer). These investments include multi-billion dollar purchase commitments and aim to support Nvidia's AI infrastructure expansion by securing advanced optical and laser components needed for large-scale AI data centers.

Source: CNBC Technology

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
high | news | security | Mar 2, 2026

A vulnerability in OpenClaw allowed malicious websites to connect to the OpenClaw gateway (a system that manages AI agents) on localhost (a computer's own network), guess passwords through brute force attacks (trying many password combinations rapidly), and take control of AI agents. This exposed AI systems to unauthorized hijacking from untrusted websites.

Source: SecurityWeek

Page 187 of 321