aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6426 items

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

infonews
security
Jan 30, 2026

CVE-2024-54529 is a type confusion vulnerability (where the code incorrectly assumes an object is a certain type without checking) in Apple's CoreAudio framework that allows attackers to crash the coreaudiod system daemon and potentially hijack control flow by manipulating pointer chains in memory. The vulnerability exists in the com.apple.audio.audiohald Mach service (a macOS inter-process communication system) where message handlers fetch objects without validating their actual type before performing operations on them.

Google Project Zero

Big tech results show investor demand for payoffs from heavy AI spending

infonews
industry
Jan 29, 2026

Big tech companies are under pressure from investors to show that their heavy spending on AI is producing real financial results and business growth. Meta's stock rose after demonstrating AI improvements in advertising, while Microsoft's stock fell despite its large AI investments, showing that investors will reward companies with strong returns but punish those that don't deliver clear benefits from their AI spending.

'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4

lownews
securitysafety

From Quantum to AI Risks: Preparing for Cybersecurity's Future

infonews
securitypolicy

Safeguarding Federated Learning From Data Reconstruction Attacks via Gradient Dropout

inforesearchPeer-Reviewed
research

DriftTrace: Combating Concept Drift in Security Applications Through Detection and Explanation

inforesearchPeer-Reviewed
research

Model-Driven Learning-Based Physical Layer Authentication for Mobile Wi-Fi Devices

inforesearchPeer-Reviewed
research

ZUMA: Training-Free Zero-Shot Unified Multimodal Anomaly Detection

inforesearchPeer-Reviewed
research

SEGA: A Transferable Signed Ensemble Gaussian Black-Box Attack Against No-Reference Image Quality Assessment Models

inforesearchPeer-Reviewed
security

Privacy-Preserving Model Transcription With Differentially Private Synthetic Distillation

inforesearchPeer-Reviewed
research

DeSA: Decentralized Secure Aggregation for Federated Learning in Zero-Trust D2D Networks

inforesearchPeer-Reviewed
research

A Wolf in Sheep’s Clothing: Unveiling a Stealthy Backdoor Attack in Subgraph Federated Learning

inforesearchPeer-Reviewed
security

ATRNet-STAR: A Large Dataset and Benchmark Toward Remote Sensing Object Recognition in the Wild

inforesearchPeer-Reviewed
research

Exploring Security Vulnerabilities in Multilingual Speech Translation Systems via Deceptive Inputs

inforesearchPeer-Reviewed
security

CVE-2026-24779: vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request

highvulnerability
security
Jan 27, 2026
CVE-2026-24779

vLLM, a system for running and serving large language models, has a Server-Side Request Forgery vulnerability (SSRF, where an attacker tricks a server into making requests to unintended targets) in its multimodal feature before version 0.14.1. The bug exists because two different Python libraries interpret backslashes differently, allowing attackers to bypass security checks and force the vLLM server to send requests to internal network systems, potentially stealing data or causing failures.

CVE-2026-24747: PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `wei

highvulnerability
security
Jan 27, 2026
CVE-2026-24747

PyTorch (a Python package for tensor computation) versions before 2.10.0 have a vulnerability in the `weights_only` unpickler that allows attackers to create malicious checkpoint files (.pth files, which store model data) triggering memory corruption and potentially arbitrary code execution (running attacker-chosen commands) when loaded with `torch.load(..., weights_only=True)`. This is a deserialization vulnerability (a weakness where loading untrusted data can be exploited).

Tech Life

infonews
industry
Jan 27, 2026

China's DeepSeek AI tool, which caused significant market disruption when it launched a year ago, is now being adopted by an increasing number of US companies. The episode discusses this growing trend of Chinese AI technology being integrated into American business operations.

Beware: Government Using Image Manipulation for Propaganda

infonews
safetypolicy

CVE-2026-24477: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

highvulnerability
securityprivacy

CVE-2026-24123: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to vers

highvulnerability
security
Jan 26, 2026
CVE-2026-24123

BentoML, a Python library for serving AI models, had a vulnerability (before version 1.4.34) that allowed path traversal attacks (exploiting file path inputs to access files outside intended directories) through its configuration file. An attacker could trick a user into building a malicious configuration that would steal sensitive files like SSH keys or passwords and hide them in the compiled application, potentially exposing them when shared or deployed.

Previous220 / 322Next
The Guardian Technology
Jan 29, 2026

Researchers discovered a jailbreak technique called semantic chaining that tricks certain LLMs (AI models trained on massive amounts of text) by breaking malicious requests into small, separate chunks that the model processes without understanding the overall harmful intent. This vulnerability affected models like Gemini Nano and Grok 4, which failed to recognize the dangerous purpose when instructions were split across multiple parts.

Dark Reading
Jan 29, 2026

Journalists highlight three major cybersecurity priorities: fixing known weaknesses in software, getting ready for quantum computing threats (powerful computers that could break current encryption), and improving how AI systems are built and used. The piece emphasizes that the cybersecurity industry needs to focus on these areas to stay ahead of emerging risks.

Dark Reading
security
Jan 29, 2026

Federated learning (collaborative model training where participants share only gradients, not raw data) is vulnerable to gradient inversion attacks, where adversaries reconstruct sensitive training data from the shared gradients. The paper proposes Gradient Dropout, a defense that randomly scales some gradient components and replaces others with Gaussian noise (random numerical values) to disrupt reconstruction attempts while maintaining model accuracy.

Fix: Gradient Dropout is applied as a defense mechanism: it perturbs gradients by randomly scaling a subset of components and replacing the remainder with Gaussian noise, applied across all layers of the model. According to the source, this approach yields less than 2% accuracy reduction relative to baseline while significantly impeding reconstruction attacks.

IEEE Xplore (Security & AI Journals)
security
Jan 29, 2026

Concept drift (when data patterns change over time due to evolving attacks or environments) is a major problem for machine learning models used in cybersecurity, since frequent retraining is expensive and hard to understand. DriftTrace is a new system that detects concept drift at the sample level (individual data points) using a contrastive learning-based autoencoder (a type of neural network that learns patterns without needing lots of labeled examples), explains which features caused the drift using feature selection, and adapts to drift by balancing training data. The system was tested on malware and network intrusion datasets and achieved strong results, outperforming existing approaches.

Fix: DriftTrace addresses concept drift through three mechanisms: (1) detecting drift at the sample level using a contrastive learning-based autoencoder without requiring extensive labeling, (2) employing a greedy feature selection strategy to explain which input features are relevant to drift detection decisions, and (3) leveraging sample interpolation techniques to handle data imbalance during adaptation to the drift.

IEEE Xplore (Security & AI Journals)
Jan 29, 2026

This research addresses authentication risks in wireless IoT devices by proposing LiteNP-Net, a lightweight neural network for physical layer authentication (PLA, a security method that verifies device identity using unique wireless channel characteristics). The approach combines hypothesis testing theory with deep learning to create a system that works effectively even without detailed prior knowledge of wireless channel properties, and testing showed it performs better than existing methods in real-world Wi-Fi environments.

IEEE Xplore (Security & AI Journals)
Jan 29, 2026

ZUMA is a training-free framework for multimodal anomaly detection (MAD, identifying unusual patterns using both image and 3D data together) that works without needing labeled training examples, addressing privacy concerns. It uses CLIP (a model trained on images and text) and introduces cross-domain calibration (a technique that bridges differences between how CLIP was trained and how 3D point cloud data works) and dynamic semantic interaction (using natural language descriptions as reference points to spot anomalies) to detect defects in 2D images, 3D objects, or both together without requiring training.

IEEE Xplore (Security & AI Journals)
research
Jan 29, 2026

This research introduces SEGA, a method for attacking No-Reference Image Quality Assessment models (AI systems that evaluate image quality without comparing to a reference image) in black-box scenarios where attackers cannot see the target model's code. SEGA works by using Gaussian smoothing (a mathematical technique that approximates gradients, or the direction of change in the model) across multiple source models and applying a filter to make attacks harder to detect. The method successfully demonstrates improved ability to transfer attacks across different NR-IQA models.

IEEE Xplore (Security & AI Journals)
privacy
Jan 29, 2026

This research addresses the risk that AI models trained on private data could leak sensitive information if attackers extract data from them. The authors propose a method called differentially private synthetic distillation, which converts a trained model into a privacy-protected version without needing access to the original private data, using a generator to create synthetic data and noise to obscure sensitive patterns.

IEEE Xplore (Security & AI Journals)
security
Jan 28, 2026

This research introduces DeSA, a protocol for secure aggregation (a privacy technique that protects individual data while combining results) in federated learning (a machine learning approach where multiple devices train a shared model without sending raw data to a central server) across decentralized device-to-device networks. The protocol addresses challenges in zero-trust networks (environments where no participant is automatically trusted) by using zero-knowledge proofs (cryptographic methods that verify information is correct without revealing the information itself) to verify model training, protecting against Byzantine attacks (attacks where malicious nodes send false information to disrupt the system), and employing a one-time masking method to maintain privacy while allowing model aggregation.

IEEE Xplore (Security & AI Journals)
research
Jan 28, 2026

Subgraph Federated Learning (FL, a system where pieces of a graph are distributed across multiple devices to protect data privacy) is vulnerable to backdoor attacks (hidden malicious functions that cause a model to behave incorrectly when triggered). Researchers developed BEEF, an attack method that uses adversarial perturbations (carefully crafted small changes to input data that fool the model) as hidden triggers while keeping the model's internal parameters unchanged, making the attack harder to detect than existing methods.

IEEE Xplore (Security & AI Journals)
Jan 28, 2026

This paper introduces ATRNet-STAR, a new large dataset for training AI models to recognize objects in Synthetic Aperture Radar (SAR) images, which are pictures taken using microwave radar rather than cameras. The dataset contains over 190,000 labeled images of 40 different vehicle types collected under realistic conditions, making it about 10 times larger than the previous standard dataset (MSTAR from the 1990s). The authors evaluated 15 different AI methods on this dataset to show how well current techniques work and identify directions for future research.

IEEE Xplore (Security & AI Journals)
research
Jan 28, 2026

Researchers discovered that speech translation (ST) systems, which convert spoken words from one language to another, can be tricked by specially crafted audio manipulations that are imperceptible to human ears. They demonstrated two attack methods: adapting techniques from ASR (automatic speech recognition) attacks and using music-based perturbations to guide the system toward producing harmful outputs. These attacks worked across multiple languages and models, revealing a fundamental weakness in how current speech translation systems process and understand audio.

IEEE Xplore (Security & AI Journals)

Fix: Update to version 0.14.1, which contains a patch for the issue.

NVD/CVE Database

Fix: Update to PyTorch version 2.10.0 or later, which fixes the issue.

NVD/CVE Database
BBC Technology
Jan 27, 2026

The White House digitally altered a photograph of an activist's arrest by darkening her skin and distorting her facial features to make her appear more distraught than in the original image posted by the Department of Homeland Security. AI detection tools confirmed the manipulation, raising concerns about how generative AI (systems that create images from text descriptions) and image editing technology can be misused by government to spread false information and reinforce racial stereotypes. The incident highlights the danger of deepfakes (realistic-looking fake media created with AI) and the importance of protecting citizens' right to independently document government actions.

EFF Deeplinks Blog
Jan 27, 2026
CVE-2026-24477

AnythingLLM is an application that lets users feed documents into an LLM so it can reference them during conversations. Versions before 1.10.0 had a security flaw where an API key (QdrantApiKey) for Qdrant, the database that stores document information, could be exposed to anyone without authentication (credentials). If exposed, attackers could read or modify all the documents and knowledge stored in the database, breaking the system's ability to search and retrieve information correctly.

Fix: Update AnythingLLM to version 1.10.0 or later. According to the source: 'Version 1.10.0 patches the issue.'

NVD/CVE Database

Fix: Update BentoML to version 1.4.34 or later, which contains a patch for this issue.

NVD/CVE Database