aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6409 items

How OpenAI caved to the Pentagon on AI surveillance

infonews
policysafety
Mar 2, 2026

OpenAI negotiated with the Pentagon to use its AI systems for military purposes, while Anthropic refused and was blacklisted for rejecting two uses: domestic mass surveillance (monitoring Americans without individual consent) and lethal autonomous weapons (AI systems that can kill targets without a human making the final decision). OpenAI's CEO claimed to have found a way to maintain safety limits in the company's military contract, though the article does not detail what those specific terms are.

The Verge (AI)

Anthropic’s Claude reports widespread outage

mediumincident
security
Mar 2, 2026

Anthropic's Claude service experienced a widespread outage on Monday morning, affecting Claude.ai and Claude Code (though the Claude API remained functional), with most users encountering errors during login. The company identified the issue was related to login and logout systems and stated it was implementing a fix, though no root cause or technical details were disclosed.

PSDO: Privacy-Preserving Distributed Optimization for Autonomous Prosumer Energy Management

inforesearchPeer-Reviewed
research

OwnerHunter: Multilingual Website Owner Identification Powered by Large Language Model

inforesearchPeer-Reviewed
research

Living Off the LLM: How LLMs Will Change Adversary Tactics

inforesearchPeer-Reviewed
security

Complementary Text-Guided Attention for Zero-Shot Adversarial Robustness

inforesearchPeer-Reviewed
research

AdvDiffusion: Adversarial Patches Generation for Face Recognition With High Transferability in Physical Domain

inforesearchPeer-Reviewed
security

Iran, Berkshire Hathaway earnings, OpenAI's Pentagon deal and more in Morning Squawk

infonews
industrypolicy

I checked out one of the biggest anti-AI protests ever

infonews
policyindustry

Anthropic confirms Claude is down in a worldwide outage

infonews
security
Mar 2, 2026

Claude, an AI assistant made by Anthropic, experienced a widespread outage on March 2, 2026, affecting users across all platforms including web, mobile, and API (the interface developers use to connect to the service). Users reported failed requests, timeouts (when the system doesn't respond in time), and inconsistent responses, with the company still investigating the cause as of the last update.

LLM-Assisted Deanonymization

infonews
securityprivacy

Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel

highnews
security
Mar 2, 2026

A high-severity vulnerability (CVE-2026-0628) in Google Chrome's Gemini AI feature allowed malicious extensions with basic permissions to hijack the Gemini panel and gain unauthorized access to sensitive resources like the camera, microphone, screenshots, and local files. Google released a fix in early January 2026, and the vulnerability highlights how integrating AI directly into browsers creates new security risks when AI components have overly broad access to the browser environment.

I’m on the Meta Oversight Board. We need AI protections now | Suzanne Nossel

infonews
policysafety

Innovation without exposure: A CISO’s secure-by-design framework for business outcomes

infonews
policysecurity

Bug in Google's Gemini AI Panel Opens Door to Hijacking

highnews
security
Mar 2, 2026

A bug in Google's Gemini AI Panel allowed attackers to escalate privileges (gain higher-level access to a system), violate user privacy during browsing, and access sensitive resources. The vulnerability created a security risk by opening a door for unauthorized control of the system.

A scorecard for cyber and risk culture

infonews
security
Mar 2, 2026

True cybersecurity culture is about real behaviors and decisions people make under pressure, not awareness campaigns or posters. The article argues that most organizations accidentally train employees to ignore security by rewarding speed over safety, creating confusing policies, making secure processes difficult, and failing to acknowledge security concerns, then suggests fixing this by redesigning workflows to make secure choices the easiest and most obvious option.

How CISOs can build a resilient workforce

infonews
industry
Mar 2, 2026

CISOs (chief information security officers, the leaders in charge of security at organizations) face challenges building resilient teams due to skills gaps, unpredictable workloads, and high burnout rates. The 2025 ISC2 Cybersecurity Workforce Study found that 47% of security workers feel overwhelmed and 48% feel exhausted keeping up with threats and new technology. To address this, leaders like Stephen Ford recommend using data-backed workforce planning to measure workloads, maintaining proper staffing levels, monitoring team stress, and building a sustainable talent pipeline to prevent overwhelming teams.

Deepfake attack: 'Many people could have been cheated'

infonews
safetysecurity

ClawJacked attack let malicious websites hijack OpenClaw to steal data

highnews
security
Mar 1, 2026

A vulnerability called ClawJacked in OpenClaw (a self-hosted AI platform that runs AI agents locally) allowed malicious websites to secretly take control of a running instance and steal data by brute-forcing the password through the browser. The attack exploited the fact that OpenClaw's gateway service listens on localhost (127.0.0.1, a local-only address) with a WebSocket interface (a two-way communication protocol), and localhost connections were exempt from rate limiting, allowing attackers to guess passwords hundreds of times per second without triggering protections.

OpenAI reveals more details about its agreement with the Pentagon

inforegulatory
policysecurity
Previous188 / 321Next
TechCrunch
Mar 2, 2026

PSDO is a privacy-preserving framework for managing energy systems where prosumers (people who both consume and produce energy) can trade power without relying on a central authority. It combines decentralized optimization (a method where multiple parties solve problems together without one central controller) with differential privacy (a mathematical technique that adds noise to data to protect individual information), allowing prosumers to manage their energy autonomously while keeping their data private. Tests on an IEEE 33-bus system showed PSDO can find optimal solutions while protecting privacy better than existing methods.

IEEE Xplore (Security & AI Journals)
Mar 2, 2026

OwnerHunter is a system that uses large language models (AI trained on vast amounts of text) to identify who owns a website by analyzing webpage content across multiple languages. It improves on older methods that struggled when webpages listed many names or were written in non-English languages, using strategies like checking multiple sources on a page and verifying results to accurately determine the true owner.

IEEE Xplore (Security & AI Journals)
safety
Mar 2, 2026

Living-off-the-land (LOTL) attacks use legitimate tools already built into a system to avoid being detected by security software. The article examines how attackers could use on-device large language models (AI systems running locally on a user's computer rather than in the cloud) as part of these attacks, though it does not detail specific attack methods or provide concrete defenses.

IEEE Xplore (Security & AI Journals)
safety
Mar 2, 2026

CLIP and similar vision-language models (AI systems trained on paired images and text to understand both) are vulnerable to adversarial examples (carefully crafted image modifications designed to fool AI systems). Researchers proposed two methods, TGA-ZSR and Comp-TGA, that use text-guided attention (the model's focus on image regions based on text descriptions) to make these models more robust, achieving 9.58% and 11.95% improvements in accuracy when tested on adversarial examples.

IEEE Xplore (Security & AI Journals)
research
Mar 2, 2026

Researchers developed AdvDiffusion, a method that creates adversarial patches (special sticker patterns) that can fool face recognition systems into misidentifying people, even in real-world physical environments. The technique uses a diffusion model (an AI that learns to remove noise from images) to generate patches that work against black-box models (AI systems the attacker cannot see inside). These adversarial patches are more effective and transferable across different face recognition systems than previous attack methods.

IEEE Xplore (Security & AI Journals)
Mar 2, 2026

OpenAI secured a deal with the U.S. Department of Defense after the Trump administration forced federal agencies to stop using Anthropic's AI technology, citing disagreements over how the Pentagon wanted to use the artificial intelligence startup's systems. OpenAI's CEO Sam Altman stated that his company shares the same ethical boundaries (called guardrails, which are safety limits built into AI systems) as Anthropic regarding how the technology should be used.

CNBC Technology
Mar 2, 2026

Anti-AI protest groups organized a march in London on February 28 with a couple hundred protesters expressing concerns about generative AI (AI systems trained on large amounts of data to generate text, images, or other content), ranging from job displacement and harmful content to existential risks. The protest represents a significant growth in organized anti-AI activism, with groups like Pause AI expanding rapidly since their 2023 founding to mobilize larger crowds around concerns that researchers have documented about AI systems like ChatGPT and Gemini.

MIT Technology Review
BleepingComputer
Mar 2, 2026

Researchers demonstrated that LLMs (large language models, AI systems trained on vast amounts of text) can effectively de-anonymize people by identifying them from their anonymous online posts across platforms like Hacker News, Reddit, and LinkedIn. By analyzing just a handful of comments, these AI systems can infer personal details like location, occupation, and interests, then search the web to match and identify the anonymous user with high accuracy across tens of thousands of candidates.

Schneier on Security

Fix: Google released a fix in early January 2026. Additionally, Palo Alto Networks' Prisma Browser is mentioned as a product designed to prevent extension-based attacks like this vulnerability.

Palo Alto Unit 42
Mar 2, 2026

AI is developing faster than government regulation can keep up, creating risks like chatbots giving harmful advice to teens and potential misuse for creating biological weapons. Unlike industries such as nuclear power or pharmaceuticals, AI companies are not required to disclose safety problems or undergo independent testing before releasing new models to the public. The author argues that independent oversight of AI platforms is necessary to protect people's rights and safety.

The Guardian Technology
Mar 2, 2026

Security leaders (CISOs, who oversee an organization's security strategy) face pressure to enable innovation like AI adoption while reducing risk and staying within budget constraints. The source argues that well-governed innovation actually reduces risk by preventing uncontrolled tool sprawl and shadow IT (unauthorized software systems), but unmanaged innovation creates fragile systems that increase damage from security incidents. The key is bringing discipline to experimentation by automating routine tasks, giving teams ownership of meaningful improvements with clear end goals, and using AI strategically only where it changes the risk equation without creating new vulnerabilities.

CSO Online
Dark Reading

Fix: The source recommends: 'Make the secure path the easiest path. People choose defaults. Give them good ones. Create golden paths for common work. Secure templates. Approved tools. Automated guardrails. Self-service access with sane limits.' The text also advises organizations to 'Remove friction. Clarify choices. Make it hard to do the wrong thing by accident and easy to make the best possible decision.'

CSO Online

Fix: According to Ford's strategies, CISOs should use data to inform staffing levels, monitor workloads actively, balance workload distribution as much as possible, and focus on building good teams and understanding their challenges. Ford also emphasizes hiring good people, empowering them to operate, and delegating as much as possible, while spending time understanding the team's workload and how they feel about their work. Additionally, organizations should look at workforce resilience as an element of risk management requiring data-backed planning and managing the skills mix.

CSO Online
Mar 2, 2026

Deepfakes (AI-generated fake videos that look real) are being used to trick people into financial fraud, with incidents ranging from fake stock advice videos in India to a $25 million theft at an engineering firm where employees were deceived by deepfake video calls. The technology is becoming easier and cheaper to create, making these attacks a growing threat to both individuals and companies.

BBC Technology

Fix: Update to OpenClaw version 2026.2.26 or later immediately. According to the source, the fix "tightens WebSocket security checks and adds additional protections to prevent attackers from abusing localhost loopback connections to brute-force logins or hijack sessions, even if those connections are configured to be exempt from rate limiting."

BleepingComputer
Mar 1, 2026

OpenAI reached an agreement with the Department of Defense to deploy its AI models in classified environments, after Anthropic's similar negotiations failed. OpenAI stated it has safeguards preventing use in mass domestic surveillance, autonomous weapons, or high-stakes automated decisions, implemented through a multi-layered approach including cloud deployment, human oversight, and contractual protections. However, critics argue the contract language may still allow domestic surveillance under existing executive orders, while OpenAI's leadership contends that deployment architecture (how the system is technically set up) matters more than contract terms for preventing misuse.

TechCrunch