aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6417 items

GHSA-mxhj-88fx-4pcv: Fickling: OBJ opcode call invisibility bypasses all safety checks

highvulnerability
security
Feb 24, 2026

Fickling, a tool for safely analyzing pickle files (Python's serialization format), has a critical vulnerability where the OBJ opcode (an instruction that calls functions) can execute dangerous code without being detected by any of Fickling's safety checks. The problem is that OBJ pushes function calls directly onto the interpreter's stack instead of recording them in the analysis structure (AST, or abstract syntax tree, which represents the code's structure), so when the result is discarded, the malicious call becomes invisible to all safety analysis.

Fix: The vulnerability is described as "a single missing `new_variable()` call in `Obj.run()` (`fickle.py:1333-1350`)." The source indicates that REDUCE opcodes correctly persist calls to the AST using `interpreter.new_variable(call)`, and OBJ should follow the same pattern. The assessment section mentions a commit (https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a) that updates "the interpreter so it behaves closer to CPython when dealing with `OBJ`, `NEWOBJ`, and `NEWOBJ_EX` opcodes," suggesting this addresses the fix, though the exact patched version is not explicitly stated in the source.

GitHub Advisory Database

Anthropic won’t budge as Pentagon escalates AI dispute

inforegulatory
policyindustry

Anthropic faces Friday deadline in Defense AI clash with Hegseth

inforegulatory
policy
Feb 24, 2026

Defense Secretary Pete Hegseth has given Anthropic (an AI company that develops Claude models) until Friday to allow the military broad access to its AI systems, threatening to label the company a 'supply chain risk' (a designation that would require DoD vendors to stop using Anthropic's products) or invoke the Defense Production Act (a law allowing the president to control domestic industries for national security) if it refuses. Anthropic wants safeguards preventing its models from being used for autonomous weapons or mass surveillance, while the DoD wants unrestricted access to 'all lawful use cases' without limitations.

GHSA-x76f-jf84-rqj8: Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass

highvulnerability
security
Feb 24, 2026
CVE-2026-27588

Caddy's MatchHost matcher is documented as case-insensitive, but when configured with more than 100 host entries, it uses an optimized binary search that performs case-sensitive comparison, allowing attackers to bypass host-based routing and access controls by changing the casing of the Host header (for example, sending 'H001.TEST' instead of 'h001.test').

GHSA-g7pc-pc7g-h8jh: Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

highvulnerability
security
Feb 24, 2026
CVE-2026-27587

Caddy's path matcher is supposed to be case-insensitive, but when a match pattern contains percent-escape sequences (encoded characters like %2F for a slash), it compares the request path without lowercasing it, allowing attackers to bypass access controls by changing letter casing (for example, requesting /ADMIN%2Fpanel instead of /admin%2Fpanel).

Why AMD's megadeal with Meta shows Nvidia is still the best game in town

infonews
industry
Feb 24, 2026

N/A -- This content is a footer/navigation page from CNBC with no substantive article text about AMD, Meta, Nvidia, or any AI/LLM-related technical issue. The provided material contains only website metadata, subscription prompts, and legal information.

GHSA-4xrr-hq4w-6vf4: Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections

mediumvulnerability
security
Feb 24, 2026
CVE-2026-27585

Caddy's file matcher doesn't properly escape backslashes when sanitizing glob patterns (special characters used for file matching), which allows attackers to bypass security protections. For example, a reverse proxy blocking `/documents/*` can be bypassed by requesting `/do%5ccuments/` (where `%5c` is a backslash) because the backslash in the glob pattern is treated as an escape character and ignored before non-special characters.

GHSA-m2cq-xjgm-f668: ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints

criticalvulnerability
security
Feb 24, 2026
CVE-2026-27584

ActualBudget server has a missing authentication vulnerability in its SimpleFIN and Pluggy.ai bank sync endpoints, allowing any unauthenticated attacker to access sensitive bank account balances and transaction history. The vulnerable endpoints (like POST /simplefin/accounts and POST /pluggyai/transactions) lack authentication middleware (code that verifies a user is logged in before allowing access), making this a critical issue for any ActualBudget server instance accessible over a network.

GHSA-78qv-3mpx-9cqq: NiceGUI vulnerable to XSS via Code Injection during client-side element function execution

highvulnerability
security
Feb 24, 2026
CVE-2026-27156

NiceGUI has a cross-site scripting (XSS) vulnerability where several APIs that run methods on client-side elements use an unsafe `eval()` function (which executes arbitrary code from a string), allowing attackers to inject malicious JavaScript through user input like URL parameters. Additionally, some methods use string interpolation instead of proper escaping, making it easier for attackers to break out of intended contexts and inject code that can steal cookies, manipulate the page, or perform actions as the victim.

Cursor announces major update to AI agents as coding tool battle heats up

infonews
industry
Feb 24, 2026

Cursor, an AI coding tool startup, announced updates to its AI agents (software that can complete tasks automatically on a user's behalf) that allow them to test changes, run multiple tasks in parallel on cloud-based virtual machines (remote computers), and work across different platforms like Slack and GitHub. The update aims to help Cursor compete with rivals like OpenAI and Anthropic in the rapidly growing market for AI-powered coding assistants.

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

highnews
securitysafety

OpenAI COO says ‘we have not yet really seen AI penetrate enterprise business processes’

infonews
industry
Feb 24, 2026

OpenAI's COO Brad Lightcap stated that AI has not yet been widely adopted into enterprise business processes at scale, despite powerful AI systems being available to individual users. To address this, OpenAI launched a new platform called OpenAI Frontier, which allows enterprises to build and manage agents (AI systems that can perform tasks autonomously) and helps complex organizations integrate AI into their workflows by measuring success through business outcomes rather than just user seat licenses.

Microsoft adds Copilot data controls to all storage locations

infonews
securityprivacy

Software stocks rebound as Anthropic announces new partnerships

infonews
industry
Feb 24, 2026

Anthropic announced new partnerships and updates to Claude (its AI assistant), allowing companies to integrate it into enterprise software tools like Slack, Gmail, and Salesforce. This announcement reassured investors that AI won't completely replace existing software systems, causing software and cybersecurity stocks to rebound after recent declines driven by fears that AI tools could disrupt traditional software businesses.

Anthropic’s Claude Cowork is plugging AI into more boring enterprise stuff

infonews
industry
Feb 24, 2026

Anthropic announced updates to Claude Cowork, an AI tool that helps with office tasks, allowing it to connect with popular apps like Google Workspace, Docusign, and WordPress through new plug-ins. These plug-ins can automate work across different fields such as HR, design, and finance, and Claude can now handle multi-step tasks across Excel and PowerPoint by passing context between the two applications.

Oura launches a proprietary AI model focused on women’s health

infonews
industry
Feb 24, 2026

Oura, a health tracking company, released a custom AI model designed specifically for women's health questions, powering its chatbot called Oura Advisor. The model uses established medical research reviewed by doctors and combines it with users' biometric data (measurements like heart rate and sleep patterns) to provide personalized guidance on topics like menstrual cycles and menopause. The company emphasizes the model is hosted on its own servers and designed to be supportive rather than replace actual medical doctors.

Identity-First AI Security: Why CISOs Must Add Intent to the Equation

infonews
securitypolicy

Anthropic launches new push for enterprise agents with plugins for finance, engineering, and design

infonews
industry
Feb 24, 2026

Anthropic announced a new enterprise agents program that lets companies deploy pre-built AI agents (software programs that can perform tasks autonomously) to handle common business work like financial research and HR tasks. The program includes a plugin system, pre-made agents for specific departments, and integrations with tools like Gmail and DocuSign, along with controls that corporate IT departments need for managing software safely.

Anthropic updates Claude Cowork tool built to give the average office worker a productivity boost

infonews
industry
Feb 24, 2026

Anthropic has released new connectors and plugins for Claude Cowork, its AI productivity tool for office workers, allowing organizations to integrate it with existing software like Google Drive and Gmail. The update marks Claude Cowork's transition from a research project to an enterprise-grade product, with customizable plugins designed to encode institutional knowledge and workflows across different business domains.

How Claude Code Claude Codes

infonews
industry
Feb 24, 2026

Claude Code is a developer tool created by Anthropic that has unexpectedly become popular with non-developers across various industries who have learned to access their terminal (the text-based interface for giving computer commands) to build projects. The tool has achieved significant product-market fit (strong demand and adoption), though the article questions whether users will eventually move beyond using the terminal interface.

Previous197 / 321Next
Feb 24, 2026

Anthropic, an AI company, is refusing to give the U.S. military unrestricted access to its AI model because of concerns about mass surveillance and autonomous weapons, despite the Pentagon threatening to declare the company a "supply chain risk" (a serious designation usually reserved for foreign adversaries) or invoke the Defense Production Act (a law giving the president power to force companies to prioritize production for national defense). The dispute highlights tension between corporate AI safety policies and government demands for military access, with experts warning that using these extreme measures could signal the U.S. is becoming unstable for business.

TechCrunch
CNBC Technology

Fix: The source suggests two fixes: (1) normalize exact hostnames to lower-case during MatchHost.Provision (at least for non-fuzzy entries), or (2) normalize the incoming request host to lower-case before the large-list binary search and equality check so the optimized path stays case-insensitive.

GitHub Advisory Database

Fix: In the percent-pattern matching path, lowercase the constructed string in matchPatternWithEscapeSequence right before path.Match, matching the behavior of the normal matching branch.

GitHub Advisory Database
CNBC Technology
GitHub Advisory Database

Fix: The source text shows that other integrations like GoCardless implement the fix by using `app.use(validateSessionMiddleware)` to add authentication middleware. This middleware must be added to the SimpleFIN and Pluggy.ai endpoint files (`/packages/sync-server/src/app-simplefin/app-simplefin.js` and `/packages/sync-server/src/app-pluggyai/app-pluggyai.js`) to require login before accessing the sensitive endpoints, similar to the example shown in `packages/sync-server/src/app-gocardless/app-gocardless.js`.

GitHub Advisory Database

Fix: Use `json.dumps()` for proper escaping of method and property names in `run_method()` and `get_computed_prop()`, and remove the `eval()` fallback from the `runMethod()` function in `nicegui.js` so that invalid method names raise an error instead of being executed as code. Code that previously relied on passing JavaScript functions as method names should use `ui.run_javascript()` instead, for example: `row = await ui.run_javascript(f'return getElement({grid.id}).api.getDisplayedRowAtIndex(0).data')` instead of `row = await grid.run_grid_method('g => g.getDisplayedRowAtIndex(0).data')`.

GitHub Advisory Database
CNBC Technology
Feb 24, 2026

A vulnerability called RoguePilot in GitHub Codespaces allowed attackers to inject hidden malicious instructions into GitHub issues, which GitHub Copilot (an AI code assistant) would automatically execute when a developer opened a Codespace from that issue, potentially leaking the GITHUB_TOKEN (a credential that grants access to repositories). The flaw is an example of prompt injection (tricking an AI by hiding instructions in its input), and attackers could hide their malicious prompts using HTML comments to avoid detection.

Fix: The vulnerability has since been patched by Microsoft following responsible disclosure.

The Hacker News
TechCrunch
Feb 24, 2026

Microsoft is expanding data loss prevention (DLP, rules that block AI from accessing sensitive documents) controls to protect files stored on local devices, not just in cloud storage like SharePoint or OneDrive. The change, rolling out between March and April 2026, will prevent the Microsoft 365 Copilot AI assistant from reading or processing documents marked as confidential. This update addresses a recent bug where Copilot Chat accidentally read confidential emails despite DLP protections being active.

Fix: Microsoft will deploy the enhancement through the Augmentation Loop (AugLoop, an Office component that helps Copilot access documents) between late March and late April 2026. The fix enables Office clients to provide sensitivity labels directly to AugLoop rather than requiring a call to Microsoft Graph using file URLs, allowing DLP enforcement to apply uniformly across all storage locations, including local files. Organizations with DLP policies already configured to block Copilot from processing sensitivity-labeled content will have this protection automatically enabled without requiring administrative action or changes.

BleepingComputer
CNBC Technology
The Verge (AI)
TechCrunch
Feb 24, 2026

AI agents in enterprises now perform critical operations like provisioning infrastructure and approving transactions, but they are often not governed as distinct identities—instead inheriting broad privileges from their creators. Traditional identity and access management (IAM, the systems that control who can access what) is insufficient because AI agents are dynamic and can take unpredictable paths to achieve their goals, so a new approach called intent-based permissioning is needed, which checks not just who the agent is but why it is requesting access and whether that purpose justifies the action at that moment.

BleepingComputer
TechCrunch
CNBC Technology
The Verge (AI)