aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.
Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6421 items

Suspect in Tumbler Ridge school shooting described violent scenarios to ChatGPT

info / news
safety
Feb 21, 2026
Source: The Verge (AI)

A suspect in a mass shooting in Tumbler Ridge, British Columbia had conversations with ChatGPT describing gun violence, which triggered the chatbot's automated content review system (a safety filter that flags harmful content). OpenAI employees raised concerns that these posts could indicate a real-world threat and suggested contacting authorities, but company leaders decided the posts did not pose a credible and immediate danger and did not contact law enforcement.

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

high / news
security
Feb 21, 2026
Source: BleepingComputer

A Russian-speaking hacker used generative AI services to breach over 600 FortiGate firewalls (network security devices) across 55 countries between January and February 2026. Rather than exploiting software flaws, the attacker scanned the internet for exposed firewall management interfaces, used brute-force attacks (trying many password combinations) with common passwords to gain access, then deployed AI-generated tools to automate reconnaissance and extract credentials from the breached networks. The attacker also targeted backup systems before attempting to deploy ransomware (malware that encrypts files and demands payment).

CVE-2026-27487: OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credenti

high / vulnerability
security
Feb 21, 2026
CVE-2026-27487
Source: NVD/CVE Database

OpenClaw, a personal AI assistant, had a security flaw in versions 2026.2.13 and below on macOS where OAuth tokens (authentication credentials that prove you're logged in) could be used to inject malicious OS commands (commands that run at the operating system level) into the credential refresh process. An attacker could exploit this by crafting a specially designed token to execute arbitrary commands on the affected system.

Fix: Update to version 2026.2.14 or later. According to the source, 'This issue has been fixed in version 2026.2.14.'

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

info / news
security, industry
Feb 21, 2026
Source: The Hacker News

Anthropic has launched Claude Code Security, a new AI feature that scans software codebases for vulnerabilities and suggests patches for human review. The tool uses AI reasoning to detect security issues that traditional scanning methods might miss, assigns severity ratings to findings, and requires human approval before any changes are made.

Tumbler Ridge suspect's ChatGPT account banned before shooting

info / news
safety, policy
Feb 21, 2026
Source: BBC Technology

OpenAI banned a ChatGPT account belonging to a mass shooting suspect in June 2025, but did not alert authorities because the account activity did not meet the company's threshold for reporting (a credible or imminent plan for serious harm). The suspect later carried out an attack in Tumbler Ridge, British Columbia in February 2026 that killed eight people, leading OpenAI to contact police after the fact and announce it would review its reporting criteria with experts.

Fix: OpenAI stated it 'is constantly reviewing its referral criteria with experts and that it is reviewing the case for improvements.' The company also noted it trains ChatGPT to 'discourage imminent real-world harm when it identifies a dangerous situation and to refuse to help people that are attempting to use the service for illegal activities.' However, OpenAI reaffirmed its policy of 'alerting authorities only in cases of imminent risk because alerting them too broadly could cause unintended harm.'

Why fake AI videos of UK urban decline are taking over social media

info / news
safety, policy
Feb 20, 2026
Source: BBC Technology

AI-generated fake videos showing absurd scenes of urban decline in Croydon, London are going viral on social media, with millions of views across TikTok and Instagram Reels. These deepfakes (AI-created videos that look real but are fabricated) are part of a trend called "decline porn" that portrays Western cities as overrun with immigrants and crime, often fueling racist comments and anger among viewers who believe them. The creator, known as RadialB, intentionally makes the videos look realistic to grab attention and doesn't take responsibility for how they spread divisive political narratives, despite adding small labels noting they are AI-generated.

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

info / news
policy, industry
Feb 20, 2026
Source: The Hacker News

EC-Council launched four new AI certifications and an updated executive program to address a major gap: AI technology is being adopted much faster than the workforce is being trained to secure and manage it. The credentials (covering AI essentials, program management, offensive security testing, and responsible governance) are built around a framework called Adopt. Defend. Govern. that helps organizations deploy, secure, and oversee AI systems responsibly as they move from experimental projects to critical infrastructure.

OpenAI considered alerting Canadian police about school shooting suspect months ago

info / news
safety, policy
Source: The Guardian Technology

OpenAI detected a user account (Jesse Van Rootselaar) engaged in behavior suggesting violent activities through its abuse detection system, but decided the account activity did not meet the threshold for reporting to law enforcement because there was no imminent and credible risk of serious physical harm. Months later, the same person committed a school shooting in British Columbia that killed eight people, after which OpenAI retroactively contacted the Royal Canadian Mounted Police with information about the account and its usage.

Compromised npm package silently installs OpenClaw on developer machines

high / news
security
Feb 20, 2026
Source: CSO Online

A compromised npm publish token (a credential that allows someone to upload code to a package repository) was used to push a malicious update to the Cline CLI (command-line tool), which secretly installed OpenClaw, an AI agent with broad system access, on developers' machines without their knowledge. The malicious package sat on the registry for eight hours before being removed, and OpenClaw itself has a history of security vulnerabilities including prompt injection attacks (tricking an AI by hiding instructions in its input) and authentication bypasses.

Fix: For developers who installed or updated Cline CLI during the compromised window on February 17, Socket advises: (1) Update to the latest version by running 'npm install -g cline@latest'; (2) If on version 2.3.0, update to 2.4.0 or higher; (3) Check for and immediately remove OpenClaw if it wasn't intentionally installed.

CVE-2026-27189: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-a

medium / vulnerability
security
Feb 20, 2026
CVE-2026-27189
Source: NVD/CVE Database

OpenSift is an AI study tool that uses semantic search (finding information based on meaning rather than exact keyword matches) and generative AI to analyze large datasets. Versions 1.1.2-alpha and earlier have a vulnerability where multiple operations happening at the same time can corrupt or lose data in local JSON files (a common data storage format), affecting study notes, quizzes, flashcards, and user accounts.

Fix: This issue has been fixed in version 1.1.3-alpha. Users should upgrade to version 1.1.3-alpha or later.

CVE-2026-27170: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.

high / vulnerability
security
Feb 20, 2026
CVE-2026-27170
Source: NVD/CVE Database

OpenSift, an AI study tool that searches through large datasets using semantic search (finding similar content based on meaning) and generative AI, has a vulnerability in versions 1.1.2-alpha and below where it can be tricked into requesting unsafe internet addresses through its URL ingest feature (the part that accepts web links as input). An attacker could exploit this to access private or local network resources from the computer running OpenSift.

Fix: This issue has been fixed in version 1.1.3-alpha. As a temporary workaround for trusted local-only exceptions, use the setting OPENSIFT_ALLOW_PRIVATE_URLS=true, but this should be used with caution.

CVE-2026-27169: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-a

high / vulnerability
security
Feb 20, 2026
CVE-2026-27169
Source: NVD/CVE Database

OpenSift, an AI study tool that uses semantic search (finding information by meaning rather than exact keywords) and generative AI to analyze large datasets, has a vulnerability in versions 1.1.2-alpha and below where untrusted content is rendered unsafely in the chat interface, allowing XSS (cross-site scripting, where attackers inject malicious code that runs in a user's browser). An attacker who can modify stored study materials could execute JavaScript code when a legitimate user views that content, potentially letting the attacker perform actions as that user within the application.

Fix: This issue has been fixed in version 1.1.3-alpha.

CVE-2026-2635: MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass

high / vulnerability
security
Feb 20, 2026
CVE-2026-2635
Source: NVD/CVE Database

MLflow contains a vulnerability (CVE-2026-2635) where hard-coded default credentials are stored in the basic_auth.ini file, allowing remote attackers to bypass authentication without needing valid login information and potentially execute code with administrator privileges. The flaw stems from the use of default passwords, a common security mistake where systems ship with unchangeable built-in login credentials.

CVE-2026-2492: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability al

high / vulnerability
security
Feb 20, 2026
CVE-2026-2492
Source: NVD/CVE Database

TensorFlow has a vulnerability where it loads plugins from an unsafe location, allowing attackers who already have low-privileged access to a system to gain higher privileges (privilege escalation, where an attacker gains elevated permissions to do things they normally couldn't). An attacker exploiting this flaw could run arbitrary code (any commands they choose) with the same permissions as the target user.

CVE-2026-2033: MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allo

critical / vulnerability
security
Feb 20, 2026
CVE-2026-2033
EPSS: 15.6%
Source: NVD/CVE Database

MLflow Tracking Server has a directory traversal vulnerability (a flaw where an attacker uses special path characters like '../' to access files outside intended directories) in its artifact file handler that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability exists because the server doesn't properly validate file paths before using them in operations, letting attackers run code with the permissions of the service account running MLflow.

OpenAI resets spending expectations, tells investors compute target is around $600 billion by 2030

info / news
industry
Feb 20, 2026
Source: CNBC Technology

OpenAI is lowering its compute spending target to around $600 billion by 2030, down from a previously announced $1.4 trillion, because investors worried the company's expansion plans were too ambitious compared to expected revenue. The company projects $280 billion in revenue by 2030 and is raising over $100 billion in funding to support its infrastructure investments and compete with rivals like Google and Anthropic.

CVE-2026-27113: Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and pr

medium / vulnerability
security
Feb 20, 2026
CVE-2026-27113
Source: NVD/CVE Database

Liquid Prompt, a customizable shell prompt tool for Bash and Zsh, has a vulnerability where malicious Git branch names can execute arbitrary commands (code injection, where attackers trick software into running unintended code) if certain settings are enabled. The vulnerability only affects the development version and requires specific configurations to be active, including the LP_ENABLE_GITSTATUSD option (enabled by default) and a gitstatusd process already running.

Fix: Commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c contains a fix. As a workaround, set the LP_ENABLE_GITSTATUSD config option to 0.

Taalas serves Llama 3.1 8B at 17,000 tokens/second

info / news
industry
Feb 20, 2026
Source: Simon Willison's Weblog

Taalas, a Canadian hardware startup, has created custom silicon (specialized computer chips) that runs Llama 3.1 8B (a type of AI language model that processes text) at 17,000 tokens per second (units of text the AI can process). The hardware uses aggressive quantization (a technique that compresses the model by reducing the precision of its numerical values) with 3-bit and 6-bit parameters (different levels of data compression), and their next version will use 4-bit compression.

GHSA-cxpw-2g23-2vgw: OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

medium / vulnerability
security
Feb 20, 2026
CVE-2026-27576
Source: GitHub Advisory Database

OpenClaw's ACP bridge (a local communication protocol for IDE integrations) didn't check prompt size limits before processing, causing the system to accept and forward extremely large text blocks that could slow down local sessions and increase API costs. The vulnerability only affects local clients sending unusually large inputs, with no remote attack risk.

Fix: The patched version 2026.2.18 enforces a 2 MiB (2 megabyte) prompt-text limit before combining text blocks, counts newline separator bytes during size checks, maintains final message-size validation before sending to the chat service, prevents stale session state when oversized prompts are rejected, and adds regression tests for oversize rejection and cleanup.

GHSA-qv8j-hgpc-vrq8: Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

high / vulnerability
security
Feb 20, 2026
CVE-2026-2472
Source: GitHub Advisory Database

This advisory describes a stored XSS (cross-site scripting, where malicious code is saved and executed when users view a webpage) vulnerability in Google Cloud Vertex AI SDK. The advisory text explains the CVSS scoring framework (a 0-10 rating system for vulnerability severity) used to evaluate this vulnerability, covering factors like how an attacker could exploit it, what privileges they need, and what systems could be impacted.