aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6436 items

Nonparametric generative modeling for time series via Schr{\"{o}}dinger bridge

inforesearchPeer-Reviewed
research
Dec 31, 2025

Researchers propose a generative model for time series (sequences of data points over time) based on Schrödinger bridge, a mathematical technique that uses optimal transport (finding the most efficient way to transform one data distribution into another) to create synthetic time series data. The model estimates unknown functions from real data using nonparametric methods (techniques that don't assume a specific underlying mathematical form) and generates new synthetic samples that preserve the temporal patterns in the original data.

JMLR (Journal of Machine Learning Research)

Enhancing Accuracy in Generative Models via Knowledge Transfer

inforesearchPeer-Reviewed
research

A Unified Approach to Analysis and Design of Denoising Markov Models

inforesearchPeer-Reviewed
research

On the Relevance of Byzantine Robust Optimization Against Data Poisoning

inforesearchPeer-Reviewed
research

Probabilistic Rainfall Downscaling: Joint Generalized Neural Models with Censored Spatial Gaussian Copula

inforesearchPeer-Reviewed
research

Statistical guarantees for denoising reflected diffusion models

inforesearchPeer-Reviewed
research

The Sample Complexity of Parameter-Free Stochastic Convex Optimization

inforesearchPeer-Reviewed
research

CVE-2025-62154: Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) Al

mediumvulnerability
security
Dec 31, 2025
CVE-2025-62154

A missing authorization vulnerability (CWE-862, a weakness where the system fails to check if a user has permission to access something) was found in the Recorp AI Content Writing Assistant plugin for WordPress, affecting versions up to 1.1.7. This flaw allows attackers to exploit incorrectly configured access control, meaning they could potentially access features or data they shouldn't be able to reach.

Dialing for Dollars or Defaulting Online? Assessing Borrower Risk through Call Activity and Social Media Engagement in Microfinance

inforesearchPeer-Reviewed
research

Adoption of ChatGPT in Organizations: Technology Affordance and Constraints Theory Perspective

inforesearchPeer-Reviewed
research

CVE-2025-62116: Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Sec

mediumvulnerability
security
Dec 31, 2025
CVE-2025-62116

CVE-2025-62116 is a missing authorization vulnerability (a security flaw where the software fails to check if a user has permission to perform an action) in Quadlayers AI Copilot that affects versions up to 1.4.7. The vulnerability allows attackers to exploit incorrectly configured access control security levels, meaning they may be able to access or perform actions they shouldn't be allowed to.

Agentic ProbLLMs: Exploiting AI Computer-Use And Coding Agents (39C3 Video + Slides)

infonews
securityresearch

Fighting Renewed Attempts to Make ISPs Copyright Cops: 2025 in Review

infonews
policy
Dec 30, 2025

A major copyright case is now before the Supreme Court, asking whether internet service providers (ISPs) must act as copyright enforcers by cutting off users' internet access based on accusations alone. A lower court ruled that ISPs could be held liable for copyright infringement by their customers, which could lead to entire households, schools, and libraries losing internet access due to one person's alleged infringement, especially harming low-income and underserved communities.

CVE-2023-54306: In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbo

infovulnerability
security
Dec 30, 2025
CVE-2023-54306

A vulnerability in the Linux kernel's TLS (Transport Layer Security, a protocol that encrypts network traffic) implementation could cause threads to hang indefinitely on a lock called tx_lock. An adversarial receiver could keep the RWIN (receive window, which controls how much data can be sent) at 0 for extended periods, preventing a thread holding tx_lock from making progress and potentially blocking it for hours.

CVE-2023-54302: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats

infovulnerability
security
Dec 30, 2025
CVE-2023-54302

A data race vulnerability (a situation where two parts of a program access the same data simultaneously without protection) was found in the Linux kernel's RDMA/irdma driver, where completion statistics were being read and written from different processor cores at the same time. The fix converts the completion statistics into an atomic variable (a thread-safe data type that ensures safe updates across multiple processors), preventing data corruption and compiler optimization issues.

v0.14.12

lownews
security
Dec 29, 2025

This is a release of llama-index v0.14.12, a framework for building AI applications, containing various updates across multiple components including bug fixes, new features for asynchronous tool support, and improvements to integrations with services like OpenAI, Google, Anthropic, and various vector stores (databases that store numerical representations of data for AI searching). Key fixes address issues like crashes in logging, missing parameters in tool handling, and compatibility improvements for newer Python versions.

EFF in the Press: 2025 in Review

infonews
policy
Dec 29, 2025

The Electronic Frontier Foundation (EFF) received thousands of media mentions in 2025 while advocating for digital civil liberties, particularly regarding surveillance technologies like ALPRs (automated license plate readers, which scan vehicle plates automatically) and police use of doorbell cameras. The organization also pursued lawsuits challenging government data sharing and privacy violations, and spoke out against age-verification laws that threaten privacy and free expression.

Enhancing Robustness in Deep Convolutional Neural Networks Through Multiresolution Learning

inforesearchPeer-Reviewed
research

CVE-2025-67729: LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization

highvulnerability
security
Dec 26, 2025
CVE-2025-67729

LMDeploy is a toolkit for compressing, deploying, and serving large language models (LLMs). Prior to version 0.11.1, the software had an insecure deserialization vulnerability (unsafe conversion of data back into executable code) where it used torch.load() without the weights_only=True parameter when opening model checkpoint files, allowing attackers to run arbitrary code on a victim's machine by tricking them into loading a malicious .bin or .pt model file.

HGNN Shield: Defending Hypergraph Neural Networks Against High-Order Structure Attack

inforesearchPeer-Reviewed
security
Previous225 / 322Next
Dec 31, 2025

This paper studies how to improve the accuracy of generative models (AI systems that create new data, like images or text) by using knowledge transfer, where a model trained on one task helps train a model on a different task. The researchers introduce a framework based on 'Shared Embedding,' a technique that finds common patterns between different tasks even when their data looks different, and show that this approach improves performance in two types of generative models: diffusion models (which gradually refine random noise into structured outputs) and normalizing flows (mathematical transformations that learn data distributions).

JMLR (Journal of Machine Learning Research)
Dec 31, 2025

This paper presents a mathematical framework for understanding denoising Markov models (generative models that learn to reverse a noising process to create new data). The authors use concepts from statistical mechanics to establish rigorous rules for how these models work, unifying existing approaches like diffusion models and proposing new variations using different types of mathematical processes.

JMLR (Journal of Machine Learning Research)
security
Dec 31, 2025

This research examines Byzantine robust optimization, a technique that protects machine learning systems when data is poisoned (corrupted or maliciously altered) and some workers (computers processing parts of the dataset) behave unpredictably in distributed networks. The study proves that Byzantine-robust approaches provide optimal protection even when facing weaker threats where only local datasets are poisoned, and shows that having some workers with completely corrupted data is more damaging than having workers with partially corrupted data.

JMLR (Journal of Machine Learning Research)
Dec 31, 2025

This research presents a method for converting large-scale weather predictions into detailed local rainfall forecasts using neural networks and statistical models. The approach works in two steps: first, it uses joint generalized neural models (neural networks that predict the parameters of probability distributions) to estimate rainfall distributions based on coarse weather data, and second, it uses a censored latent Gaussian copula (a mathematical model that captures how rainfall patterns are related across nearby locations) to ensure spatial coherence. The method was tested on UK weather data and performed better than existing techniques.

JMLR (Journal of Machine Learning Research)
Dec 31, 2025

This research paper analyzes denoising reflected diffusion models, which are a type of generative AI (systems that create new data like images or text). The study shows that reflected diffusion processes (a mathematical technique using boundaries to keep the model's state space bounded) can match theoretical predictions better than standard diffusion models, and provides mathematical proof of how quickly these models converge to accurate results.

JMLR (Journal of Machine Learning Research)
Dec 31, 2025

This research addresses how stochastic convex optimization (a machine learning technique for finding the best solution by processing data in random batches) can work when key problem parameters are unknown. The authors propose two methods: a model selection technique that prevents overfitting (when an AI learns noise in the validation data instead of real patterns), and a regularization-based approach that estimates unknown parameters to achieve optimal efficiency. Experiments on image classification and shape-counting tasks show these methods help reduce overfitting on small validation sets.

JMLR (Journal of Machine Learning Research)
NVD/CVE Database
Dec 31, 2025

This research studies how to predict whether borrowers on micro-lending platforms (small-loan services) will default (fail to repay their loans) by examining their call activity and social media behavior. The study analyzed over 154,000 loans from Indonesian platforms and found that frequent calls and stable calling patterns suggest lower default risk, while frequent social media activity and stable social media patterns actually indicate higher default risk. These findings suggest that micro-lending platforms could improve their credit assessment models (systems for deciding who gets loans) by combining both types of behavioral data.

AIS eLibrary (Journal of AIS, CAIS, etc.)
Dec 31, 2025

This research studied what makes knowledge workers (people whose jobs involve handling information) want to use ChatGPT at work, using technology affordance and constraints theory (a framework explaining how tools enable certain actions while limiting others). The study found that ChatGPT's benefits like automation, information quality, and productivity boost adoption, but concerns about risk and lack of regulation reduce it. Personal innovativeness (how open someone is to new ideas) and supportive workplace culture help workers embrace ChatGPT despite their concerns.

AIS eLibrary (Journal of AIS, CAIS, etc.)
NVD/CVE Database
Dec 31, 2025

This presentation covers security vulnerabilities found in agentic systems, which are AI agents (systems that can take actions autonomously) that can use computers and write code. The talk includes demonstrations of exploits discovered during the Month of AI Bugs, a security research initiative focused on finding bugs in AI systems.

Embrace The Red
EFF Deeplinks Blog

Fix: Use interruptible sleep where possible and reschedule the work if it can't take the lock. The fix has been applied in multiple kernel commits available at kernel.org (commit hashes: 1f800f6aae57d2d8f63d32fff383017cbc11cf65, 7123a4337bf73132bbfb5437e4dc83ba864a9a1e, bde541a57b4204d0a800afbbd3d1c06c9cdb133f, be5d5d0637fd88c18ee76024bdb22649a1de00d6, ccf1ccdc5926907befbe880b562b2a4b5f44c087, and f3221361dc85d4de22586ce8441ec2c67b454f5d).

NVD/CVE Database

Fix: Make completion statistics an atomic variable to reflect coherent updates to it. This will also avoid load/store tearing logic bug potentially possible by compiler optimizations.

NVD/CVE Database
LlamaIndex Security Releases
EFF Deeplinks Blog
safety
Dec 29, 2025

This research explores multiresolution learning, a training method where AI models learn from data at multiple levels of detail, starting from very coarse versions and progressively moving to finer ones. The study shows this approach makes deep neural networks (DNNs, which are AI systems with many layers) more robust against noise and adversarial attacks (deliberate attempts to fool the AI) while maintaining accuracy, without requiring extra computing power compared to traditional training methods.

IEEE Xplore (Security & AI Journals)

Fix: This issue has been patched in version 0.11.1.

NVD/CVE Database
research
Dec 26, 2025

Hypergraph Neural Networks (HGNNs, which are AI models that learn from data where connections can link multiple items together instead of just pairs) can be weakened by structural attacks that corrupt their connections and reduce accuracy. HGNN Shield is a defense framework with two main components: Hyperedge-Dependent Estimation (which assesses how important each connection is within the network) and High-Order Shield (which detects and removes harmful connections before the AI processes data). Experiments show the framework improves performance by an average of 9.33% compared to existing defenses.

Fix: The HGNN Shield defense framework addresses the vulnerability through two modules: (1) Hyperedge-Dependent Estimation (HDE) that 'prioritizes vertex dependencies within hyperedges and adapts traditional connectivity measures to hypergraphs, facilitating precise structural modifications,' and (2) High-Order Shield (HOS) positioned before convolutional layers, which 'consists of three submodules: Hyperpath Cut, Hyperpath Link, and Hyperpath Refine' that 'collectively detect, disconnect, and refine adversarial connections, ensuring robust message propagation.'

IEEE Xplore (Security & AI Journals)