aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6417 items

Poisoning AI Training Data

info / news
security / safety
Feb 25, 2026

A researcher demonstrated how easily AI systems can be manipulated by creating false information on a personal website, which major chatbots like Google's Gemini and ChatGPT then repeated as fact within 24 hours, showing that AI training data poisoning (deliberately adding fake information to the data used to teach AI models) is a serious problem because it's so simple to execute.

Schneier on Security

Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

info / news
industry
Feb 25, 2026

Stock prices for major cybersecurity companies have dropped significantly because of concerns that AI tools, specifically Claude's new vulnerability scanner (a tool that automatically finds security flaws in software), are disrupting the cybersecurity business.

SecurityWeek

Boards don’t need cyber metrics — they need risk signals

info / news
security
Feb 25, 2026

Security teams typically report many activity metrics (like blocked attacks and patched vulnerabilities), but experts argue that boards need different information: risk signals that show whether danger is increasing or decreasing and how fast the organization detects and contains problems. Effective board-level security reporting should focus on business impact (financial loss, regulatory exposure, operational disruption) rather than technical details, using measures like detection speed and containment time that non-technical decision-makers can understand.

CSO Online

CVE-2026-27597: Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possibl

critical / vulnerability
security
Feb 24, 2026
CVE-2026-27597

Enclave is a secure JavaScript sandbox designed to safely run code from AI agents, but versions before 2.11.1 had a vulnerability that allowed attackers to escape the security boundaries and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). This weakness is related to code injection (CWE-94, a type of bug where untrusted input is used to generate code that gets executed).

Fix: Update to version 2.11.1 or later. The issue has been fixed in version 2.11.1.

NVD/CVE Database

How AI is changing your GRC strategy

info / news
policy / security
Feb 24, 2026

As companies adopt generative and agentic AI (AI systems that can take actions autonomously), they need to update their GRC (Governance, Risk & Compliance, the framework for managing rules, risks, and regulatory requirements) programs to account for AI-related risks. According to a 2025 security report, about 1 in 80 requests from company devices to AI services poses a high risk of exposing sensitive data, yet only 24% of companies have implemented comprehensive AI-GRC policies.

Fix: The source text recommends several explicit approaches: (1) Foster broad organizational acceptance of risk management across the company by promoting cooperation so all employees understand they must work together; (2) Develop both strategic and tactical approaches to define different types of AI tools, assess their relative risks, and weigh their potential benefits; (3) Use tactical measures including Secure-by-Design approaches (building security into AI tools from the start), initiatives to detect shadow AI (unauthorized AI use), and risk-based AI inventory and classification to focus resources on highest-impact risks without creating burdensome processes; (4) Make risks of specific AI measures transparent to business leadership rather than simply approving or rejecting AI use.

CSO Online

Hacker cracks 600 firewalls in one month – with AI

medium / news
security
Feb 24, 2026

Between January and February 2026, a Russian-speaking hacker compromised over 600 Fortigate firewalls (network security devices that filter traffic) by first targeting ones with weak passwords, then using an AI tool based on Google Gemini to access other devices on the same networks. Security researchers at AWS found that the attacker's reconnaissance tools (software used to gather information about a system) were written in Go and Python and showed signs of AI-generated code, suggesting threat actors are increasingly using AI to automate and scale their attacks.

Fix: According to AWS security experts, the best protection against such attacks is to use strong passwords and enable Multi-Factor Authentication (MFA, a security method requiring multiple verification steps to prove identity). The report notes that the attacker repeatedly failed when attempting to compromise patched or hardened systems (computers updated with security fixes and configured defensively), so he targeted easier victims instead.

CSO Online

CVE-2026-27609: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha

high / vulnerability
security
Feb 24, 2026
CVE-2026-27609

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in user into unknowingly sending requests to a website). An attacker can create a malicious webpage that, when visited by someone authenticated to Parse Dashboard, forces their browser to send unwanted requests to the AI Agent API endpoint without their knowledge. This vulnerability is fixed in version 9.0.0-alpha.8 and later.

Fix: Update to version 9.0.0-alpha.8 or later, which adds CSRF middleware (code that checks requests are legitimate) to the agent endpoint and embeds a CSRF token (a secret code) in the dashboard page. Alternatively, remove the `agent` configuration block from your dashboard configuration file as a temporary workaround.

NVD/CVE Database

CVE-2026-27608: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha

high / vulnerability
security
Feb 24, 2026
CVE-2026-27608

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a security flaw in the AI Agent API endpoint (a feature for managing Parse Server apps) where authorization checks are missing, allowing authenticated users to access other apps' data and read-only users to perform write and delete operations they shouldn't be allowed to do. Only dashboards with the agent feature enabled are vulnerable to this issue.

Fix: Update to version 9.0.0-alpha.8 or later, which adds authorization checks and restricts read-only users to a limited key with write permissions removed server-side (the server prevents writes even if requested). As a temporary workaround, remove the `agent` configuration block from your dashboard configuration file.

NVD/CVE Database

CVE-2026-27595: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha

critical / vulnerability
security
Feb 24, 2026
CVE-2026-27595

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have security vulnerabilities in the AI Agent API endpoint that allow unauthenticated attackers to read and write data from any connected database using the master key (a special admin credential that grants full access). The agent feature must be enabled to be vulnerable, so dashboards without it are safe.

Fix: Upgrade to version 9.0.0-alpha.8 or later, which adds authentication, CSRF validation (protection against forged requests), and per-app authorization middleware to the agent endpoint. Alternatively, remove or comment out the agent configuration block from your Parse Dashboard configuration file as a temporary workaround.

NVD/CVE Database

India’s AI boom pushes firms to trade near-term revenue for users

info / news
industry
Feb 24, 2026

India has become the world's largest market for generative AI (artificial intelligence systems that can create text, images, and other content) app downloads in 2025, with installs jumping 207% year-over-year, but major AI companies like OpenAI and Google are now ending free promotional offers to convert users into paying subscribers. Despite India driving roughly 20% of global GenAI app downloads, it accounts for only about 1% of in-app purchases, and revenue has actually declined in recent months as companies rolled out cheaper or free options like ChatGPT Go. The challenge reflects a tension between rapid user growth and actual monetization (converting users into paying customers) in a price-sensitive market.

TechCrunch

Pete Hegseth’s Pentagon AI bro squad includes a former Uber executive and a private equity billionaire

info / news
policy
Feb 24, 2026

This article discusses Pete Hegseth's appointments of prominent private-sector figures, including a former Uber executive and a private equity billionaire, to lead AI-related roles at the Pentagon's research and engineering division. The piece is part of a newsletter covering how wealthy influencers and business leaders are gaining influence over AI policy in Washington.

The Verge (AI)

CVE-2026-20127: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

info / vulnerability
security
Feb 24, 2026
CVE-2026-20127 🔥 Actively Exploited

Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass vulnerability that allows remote attackers to skip the login process and gain administrative access without valid credentials. An attacker could exploit this flaw by sending specially crafted requests, then use the compromised access to manipulate network configuration through NETCONF (a network configuration protocol). This vulnerability is currently being actively exploited in real-world attacks.

Fix: According to the source, follow CISA's Emergency Directive 26-03 and CISA's Hunt and Hardening Guidance for Cisco SD-WAN Devices. The source also states to adhere to BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. A due date of 2026-02-27 is specified for compliance.

CISA Known Exploited Vulnerabilities

CVE-2022-20775: Cisco SD-WAN Path Traversal Vulnerability

info / vulnerability
security
Feb 24, 2026
CVE-2022-20775 🔥 Actively Exploited

Cisco SD-WAN contains a path traversal vulnerability (a bug where attackers can access files outside intended directories) that allows an authenticated local attacker to gain elevated privileges and execute arbitrary commands as the root user through improper access controls in the CLI (command-line interface, a text-based way to control software). This vulnerability is actively being exploited by attackers.

CISA Known Exploited Vulnerabilities

Tech Companies Shouldn’t Be Bullied Into Doing Surveillance

info / news
policy / safety
Feb 24, 2026

The U.S. Department of Defense is pressuring Anthropic, an AI company, to allow their technology to be used for surveillance and autonomous weapons systems (weapons that operate without human control) by threatening to label them a 'supply chain risk' that would prevent other defense contractors from using their AI. Anthropic has publicly stated these are 'bright red lines' they will not cross, and the article argues they should maintain this position rather than give in to government pressure.

EFF Deeplinks Blog

Spanish ‘soonicorn’ Multiverse Computing releases free compressed AI model

info / news
industry
Feb 24, 2026

Multiverse Computing, a Spanish startup, has released a free compressed AI model called HyperNova 60B 2602 that reduces the size of large language models (AI systems trained on massive amounts of text) to make them cheaper and faster to use. The company uses CompactifAI, a compression technology inspired by quantum computing (using principles from quantum mechanics to process information), to create models that are roughly half the size of the original while maintaining similar performance and accuracy. The model is now available for free on Hugging Face (a platform where developers share AI models) and includes improved support for tool calling and agentic coding (where AI systems can use external tools or plan sequences of actions).

TechCrunch

OpenAI defeats xAI’s trade secrets lawsuit

info / news
policy
Feb 24, 2026

OpenAI won a legal case against xAI, which had sued claiming that OpenAI stole its trade secrets (confidential information that gives a company a competitive advantage) and hired away its employees. The judge ruled that xAI failed to prove OpenAI actually did anything wrong, noting that while eight former xAI employees did move to OpenAI, there was no evidence that OpenAI directed them to steal anything.

The Verge (AI)

US threatens Anthropic with deadline in dispute on AI safeguards

info / news
policy / safety
Feb 24, 2026

The US Pentagon is threatening to remove AI company Anthropic from its supply chain and invoke the Defense Production Act (a law allowing the government to compel companies to produce goods for national security) unless Anthropic allows unrestricted use of its Claude AI chatbot for military applications by Friday evening. Anthropic has refused to allow its technology for certain uses, including autonomous kinetic operations (AI making final targeting decisions without human input) and mass domestic surveillance, citing safety concerns.

BBC Technology

AI-designed proteins may help spot cancer

info / news
industry
Feb 24, 2026

MIT and Microsoft researchers used AI to design molecular sensors (short proteins called peptides) that can detect early signs of cancer through a urine test. Nanoparticles coated with these peptides are activated by proteases (enzymes that are overactive in cancer cells), producing a detectable signal when excreted in urine. AI-designed peptides are more effective than older trial-and-error methods because they can be optimized to be highly sensitive and specific to particular cancer-linked proteases.

MIT Technology Review

What are the types of ransomware attacks?

info / news
security
Feb 24, 2026

Ransomware is a type of malware that cybercriminals use in different ways to extort money from victims, including crypto ransomware (which encrypts data), double extortion (which steals and threatens to leak data), locker ransomware (which blocks system access), and others. The source explains how different ransomware strains work and that crypto ransomware is the most common type because it combines encryption with pressure on victims to pay. Detection methods include behavior analysis (watching how files act suspiciously), signature-based detection (identifying known ransomware code patterns), heuristic analysis (finding new or modified threats), and deception technology (using fake files as bait to catch ransomware early).

Fix: A layered approach that includes behavior analysis, signature-based detection, heuristic analysis, and deception technology is described as 'the best way to defend against ransomware' to protect against both known and unknown threats.

CSO Online

Take control: Locking down common endpoint vulnerabilities

info / news
security
Feb 24, 2026

Endpoints (network-connected devices like laptops and servers) face common vulnerabilities that attackers exploit, particularly exposed Remote Desktop Protocol (RDP, a tool for remote access) which allows brute force attacks on passwords, and phishing emails that trick users into revealing credentials or installing malware. Both threats are preventable with proper security practices.

Fix: For RDP vulnerabilities: don't expose RDP to the public internet unless necessary, restrict admin rights, enforce multi-factor authentication (MFA, a security method requiring multiple forms of verification) for RDP sessions, apply Windows security configurations beyond defaults, and monitor for suspicious logins. For phishing attacks: conduct regularly scheduled security awareness training (SAT) to help users recognize malicious emails, use MFA to reduce damage if credentials are compromised, and don't respond directly to suspicious sender emails.

CSO Online