aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6426 items

Is a secure AI assistant possible?

info | news | security, safety
Feb 11, 2026

OpenClaw is a tool that lets users create AI personal assistants by connecting large language models (LLMs, or AI systems trained on huge amounts of text) to external tools like email and file systems, but this creates serious security risks. When AI assistants have access to sensitive data and the ability to take actions in the real world, mistakes by the AI or attacks by hackers could expose private information or cause damage. The biggest concern is prompt injection (tricking an AI by hiding malicious instructions in text or images it reads), which could let attackers hijack the assistant and steal the user's data.

Fix: The source mentions two existing approaches: some users are running OpenClaw agents on separate computers or in the cloud to protect data on their main hard drives from being erased, and other vulnerabilities could be fixed using tried-and-true security approaches. However, the text does not provide specific implementation details or explicit solutions for the prompt injection vulnerability that experts identified as the main risk.

Source: MIT Technology Review

Skills in OpenAI API

info | news | industry
Feb 11, 2026

OpenAI now allows developers to use Skills (reusable code packages) directly in the OpenAI API through a shell tool, with the ability to upload Skills as compressed files or send them inline as base64-encoded zip data (a way of encoding binary files as text) within JSON requests. The example shows how to create an API call that uses a custom skill to count words in a file, making it easier to extend AI capabilities with custom tools.

Source: Simon Willison's Weblog

GLM-5: From Vibe Coding to Agentic Engineering

info | news | industry
Feb 11, 2026

GLM-5 is a new, very large open-source AI model (754 billion parameters, which are the adjustable values that make up a neural network) released under the MIT license, making it twice the size of its predecessor GLM-4. The source discusses how developers are increasingly using the term 'agentic engineering' (building software systems where AI acts autonomously to complete multi-step tasks) to describe professional software development with large language models.

Source: Simon Willison's Weblog

“Free” Surveillance Tech Still Comes at a High and Dangerous Cost

info | news | policy
Feb 11, 2026

Local law enforcement agencies receive "free" surveillance tools like automated license plate readers (ALPRs, cameras that automatically read vehicle plates), facial recognition, and drones from vendors and federal agencies, but this comes at the cost of eroding civil liberties and creating data pipelines to agencies like ICE that can expose people to harm. The article explains that "free" surveillance technology often operates without public oversight through pilot programs and continued vendor support, allowing data collection on people's movements to happen without their knowledge or consent. Cities are urged to reject these programs or, if they proceed, implement oversight mechanisms like public hearings, transparency requirements, and clear use policies before deploying any surveillance tools.

Fix: The source explicitly recommends that cities implement oversight mechanisms before using surveillance tools: "public hearings, competitive bidding, public records transparency, and city council supervision" along with "basic safeguards like use policies, audits, and consequences for misuse." The source also states that "cities can and should use their power to reject federal grants, vendor trials, donations from wealthy individuals, or participation in partnerships that facilitate surveillance" as a primary approach.

Source: EFF Deeplinks Blog

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

info | news | industry
Feb 11, 2026

This article discusses how organizations should choose modern SIEM (security information and event management, a system that collects and analyzes security data from across an organization) platforms designed for the 'agentic era' where AI agents automate security tasks. Rather than maintaining fragmented legacy tools, companies should adopt unified, cloud-native platforms that combine data collection, analytics, and response capabilities, enabling both human analysts and AI to detect threats faster and respond more effectively.

Source: Microsoft Security Blog

Platform Choice and Resource Configuration: From the Perspective of Resource Dependence

info | research | Peer-Reviewed | research
Feb 11, 2026

This research studies how small and medium-sized companies decide whether to build their own digital platform or join an existing one, using Resource Dependence Theory (a framework explaining how organizations manage their needed resources). The study found that companies worry more about becoming dependent on platforms than about lacking resources, and that data dependence (reliance on information controlled by platforms) is a new and important factor that traditional theories didn't account for.

Source: AIS eLibrary (Journal of AIS, CAIS, etc.)

Better (Cyber) Insured than Sorry? Unraveling Cognitive Factors in the (Non)Adoption of Personal Cyber Insurance using fsQCA

info | research | Peer-Reviewed | policy
Feb 11, 2026

This research examines why individuals do not widely adopt personal cyber insurance, which covers remaining risks that preventive security measures cannot stop. Using survey data from 301 U.S. residents and analyzing cognitive factors through fsQCA (fuzzy-set qualitative comparative analysis, a method that identifies different combinations of conditions leading to the same outcome), the study finds that different psychological and behavioral factors lead people to either adopt or reject cyber insurance in ways that differ from previous research.

Source: AIS eLibrary (Journal of AIS, CAIS, etc.)

Robust Trusted Conflictive Multiview Collaborative Contrastive Learning

info | research | Peer-Reviewed | research
Feb 11, 2026

This paper proposes RCMCL (Robust Trusted Conflictive Multiview Collaborative Contrastive Learning), a method to improve AI models that learn from multiple sources of data (multiview learning) when those sources conflict or misalign with each other. The approach uses evidential deep neural networks (a technique that estimates uncertainty in predictions) and contrastive learning (a training method that teaches the model to recognize similar and different examples) to make the model more reliable and accurate even when the data sources provide contradictory information.

Source: IEEE Xplore (Security & AI Journals)

ADVersa: Abductive Driving Accident Video Understanding

info | research | Peer-Reviewed | research
Feb 11, 2026

ADVersa is a framework that uses AI to understand and explain traffic accidents by analyzing video and text together. It can recover what happened before a crash, predict what will happen during a crash, and generate explanations for why accidents occur by learning from a new dataset (MM-AU) containing nearly 12,000 accident videos with detailed descriptions and object annotations.

Source: IEEE Xplore (Security & AI Journals)

A Personalized and Privacy-Preserving Federated Transformer Framework for Multilingual Sentiment Analysis

info | research | Peer-Reviewed | research
Feb 11, 2026

FedPerX is a federated transformer framework (a system where multiple computers train an AI model together without sharing raw data) designed for sentiment analysis across multiple languages while protecting privacy. It uses residual adapters (lightweight customizable modules added to a shared language model) and differential privacy (a mathematical technique that adds noise to data to prevent identifying individuals) to let each participant personalize their model without compromising data privacy. The framework outperforms existing methods on multilingual datasets with improved accuracy and significantly reduced communication needs.

Source: IEEE Xplore (Security & AI Journals)

The Download: inside the QuitGPT movement, and EVs in Africa

info | news | industry
Feb 11, 2026

The QuitGPT movement is a growing campaign where users are canceling their ChatGPT subscriptions due to frustration with the chatbot's capabilities and communication style, with complaints flooding social media platforms in recent weeks. The article also covers several other tech stories, including potential cost competitiveness of electric vehicles in Africa by 2040, social media companies agreeing to independent safety assessments for teen mental health protection, and regulatory decisions affecting vaccine development.

Source: MIT Technology Review

Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them

medium | news | security, research
Feb 11, 2026

Skills (tools that extend AI capabilities) can be secretly backdoored using invisible Unicode characters (special hidden text markers that certain AI models like Gemini and Claude interpret as instructions), which can survive human review because the malicious code is not visible to readers. The post demonstrates this supply chain attack (where malicious code enters a system through a trusted source) and presents a basic scanner tool that can detect such hidden prompt injection (tricking an AI by hiding instructions in its input) attacks.

Fix: The source mentions that the author 'had my agent propose updates to OpenClaw to catch such attacks,' but does not explicitly describe what those updates are or provide specific implementation details for the mitigation strategy.

Source: Embrace The Red

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

info | news | security
Feb 11, 2026

North Korean threat actor UNC1609 is using ClickFix (a social engineering technique where attackers trick users into running malicious commands) combined with AI-generated videos to target cryptocurrency companies. The attackers impersonate industry contacts via compromised Telegram accounts, conduct fake video meetings, and convince victims to paste commands into their macOS Terminal, which downloads and executes malware including multiple undocumented backdoors (WAVESHAPER, HYPERCALL, HIDDENCALL, and others) that steal sensitive data and establish remote access.

Source: CSO Online

Prompt Injection Via Road Signs

info | news | security, research
Feb 11, 2026

Researchers discovered a new attack called CHAI (Command Hijacking against embodied AI) that tricks AI systems controlling robots and autonomous vehicles by embedding fake instructions in images, such as misleading road signs. The attack exploits Large Visual-Language Models (LVLMs, which are AI systems that understand both images and text together) to make these embodied AI systems (robots that perceive and interact with the physical world) ignore their real commands and follow the attacker's hidden instructions instead. The researchers tested CHAI on drones, self-driving cars, and real robots, showing it works better than previous attack methods.

Source: Schneier on Security

Children bombarded with weight loss drug ads online, says commissioner

info | news | policy
Feb 11, 2026

Children in England are being exposed to ads for weight loss drugs, diet products, and cosmetic procedures online despite such advertising being banned, according to a report by the children's commissioner. The ads are harmful to young people's self-esteem and body image, prompting calls for stronger regulation of social media platforms and better enforcement of existing rules.

Fix: Dame Rachel's report suggested several explicit solutions: amending the Online Safety Act (OSA, a set of laws requiring online platforms to keep users safe) to include a "clear duty of care" for social media platforms to stop showing adverts to children; adding changes to Ofcom's Children's Code of Practice to "explicitly protect children from body stigma content"; and strengthening regulation and enforcement of online sales of age-restricted products. The government is also considering "bold measures to protect children online", including potentially banning social media for under 16s, according to a government spokesperson quoted in the article.

Source: BBC Technology

CISOs must separate signal from noise as CVE volume soars

info | news | security
Feb 11, 2026

The cybersecurity industry is projected to identify over 59,000 vulnerabilities (CVEs, which are publicly disclosed software security flaws) in 2026, potentially reaching 118,000 under worst-case scenarios. However, experts warn that the sheer number of vulnerabilities does not directly reflect actual risk, since historically only a small fraction are ever exploited in real attacks, and most don't meaningfully impact most organizations. The surge reflects better discovery and reporting processes rather than worse software quality, creating a signal-to-noise problem that challenges security teams to prioritize which vulnerabilities actually matter.

Source: CSO Online

The Buyer's Guide to Breach & Attack Simulation Tools

info | news | security
Feb 10, 2026

Breach & Attack Simulation (BAS) tools are software that automatically tests how well a company's security controls work by simulating different types of attacks, such as phishing, malware, and network infiltration. Unlike penetration testing (where security experts try to break in), BAS continuously checks that security systems are functioning as designed. The BAS market is growing, especially in regulated industries like banking, and is increasingly incorporating generative AI (machine learning models that create new content) to improve user interfaces and help organizations prioritize security problems.

Source: CSO Online

CVE-2026-26013: LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_token

low | vulnerability | security
Feb 10, 2026
CVE-2026-26013

LangChain (a framework for building AI agents and applications powered by large language models) versions before 1.2.11 have a vulnerability where the ChatOpenAI.get_num_tokens_from_messages() method doesn't validate image URLs, allowing attackers to perform SSRF attacks (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems). This vulnerability was fixed in version 1.2.11.

Fix: Update LangChain to version 1.2.11 or later. The vulnerability is fixed in 1.2.11.

Source: NVD/CVE Database

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

info | news | security
Feb 10, 2026

Microsoft released 60 security fixes in February 2026 Patch Tuesday, including six actively exploited vulnerabilities. Three of these are security feature bypasses (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514) that let attackers trick users into opening malicious files to execute code and bypass protections like Windows SmartScreen, while two allow privilege escalation (CVE-2026-21519, CVE-2026-21533). The good news is that all six issues are easy to fix with regular Microsoft patches for Windows and Office without requiring any additional configuration steps after patching.

Fix: Apply the regular Microsoft patches for Windows and Office released in the February 2026 Patch Tuesday update. According to the source, these patches resolve all six actively exploited vulnerabilities and require no post-patch configuration steps.

Source: CSO Online

v0.14.14

low | news | security
Feb 10, 2026

LlamaIndex version 0.14.14 is a maintenance release that fixes multiple bugs across core components and integrations, including issues with error handling in vector store queries, compatibility with deprecated Python functions, and empty responses from language models. The release also adds new features like a TokenBudgetHandler for cost governance and improves security defaults in core components. Several integrations with external services (OpenAI, Google Gemini, Anthropic, Bedrock) were updated to support new models and fix compatibility issues.

Fix: Users should update to version 0.14.14. The release notes explicitly mention: "Fix potential crashes and improve security defaults in core components (#20610)" and include specific bug fixes such as "fix(agent): handle empty LLM responses with retry logic" (#20596) and "Fix DeprecationWarning: 'asyncio.iscoroutinefunction' is deprecated" (#20517).

Source: LlamaIndex Security Releases