All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Large language models (LLMs, AI systems trained on huge amounts of text to generate human-like responses) can now mimic not just general human language but also unusual, individual-specific human behaviors. This ability could lead to LLMs being used more widely in research studies and potentially reduce the role of actual humans, which raises concerns about AI alignment (ensuring AI systems behave in ways humans intend and approve of) and how this technology affects society.
Langflow, a tool for building AI-powered agents and workflows, has a vulnerability in versions before 1.7.0 where an attacker can specify any file path in a request to create or overwrite files anywhere on the server. The vulnerability exists because the server doesn't restrict or validate the file paths, allowing attackers to write files to sensitive locations like system directories.
Langflow, a tool for building AI-powered agents and workflows, has a vulnerability in versions before 1.7.0 where its API Request component can make arbitrary HTTP requests to internal network addresses. An attacker with an API key could exploit this SSRF (server-side request forgery, where a server is tricked into making requests to unintended targets) to access sensitive internal resources like databases and metadata services, potentially stealing information or preparing further attacks.
CVE-2025-63389 is a critical vulnerability in Ollama (an AI platform) versions up to v0.12.3 where API endpoints (connection points for software communication) are exposed without authentication (verification of identity), allowing attackers to remotely perform unauthorized model management operations. The vulnerability stems from missing authentication checks on critical functions.
CVE-2025-62998 is a vulnerability in WP AI CoPilot (a WordPress plugin that adds AI features) versions 1.2.7 and earlier, where sensitive information can be unintentionally included in data sent from the plugin. This is classified as CWE-201 (insertion of sensitive information into sent data), meaning the plugin may leak private or confidential data to unintended recipients.
AnythingLLM v1.8.5 has a vulnerability in its /api/workspaces endpoint (a web address used to access workspace data) that skips authentication checks, allowing attackers without permission to see detailed information about all workspaces, including AI model settings, system prompts (instructions given to the AI), and other configuration details. This means someone could potentially discover sensitive workspace configurations without needing to log in.
President Trump issued an executive order to prevent states from regulating AI by using federal tools like funding withholding and legal challenges, aiming to replace varied state rules with a single federal framework. The order directs federal agencies, including the Attorney General and Commerce Secretary, to challenge state AI laws they view as problematic, while the FTC and FCC will issue guidance on how existing federal laws apply to AI. This action follows a year where ambitious state AI safety proposals, like New York's RAISE Act (which would require AI labs to publish safety practices and report serious incidents), were either weakened or blocked.
Elderly people are increasingly using digital technology for communication and information access, but their limited cybersecurity knowledge makes them attractive targets for cybercriminals. The article examines common cybercrimes targeting seniors, the specific vulnerabilities that put them at risk, and existing approaches to reduce these dangers.
Generative AI (systems that create new text, images, or other content) is transforming many industries but raises ethical concerns like data privacy (protecting personal information), bias (unfair treatment of certain groups), transparency (being open about how the AI works), and accountability (responsibility for the AI's actions). Researchers propose a trust framework based on transparency, fairness, accountability, and privacy to help ensure generative AI is developed and used responsibly.
Cyberbullying on social media is a growing problem that harms people's mental health, and traditional methods to stop it are no longer effective. This study examines how artificial intelligence can help protect online communities from cyberbullying by exploring different AI technologies, their uses, and the challenges involved. The goal is to understand how AI might create safer online environments.
Pre-trained language models (PLMs, large AI systems trained on text data) can be vulnerable to backdoor attacks, where hidden triggers in input cause the model to produce manipulated output. This paper proposes an enhanced defense method called masking-differential prompting (MDP) that works with few-shot learning (training on very small datasets), using Jensen-Shannon divergence (a mathematical measure to compare probability distributions) instead of traditional methods and an automatic threshold-selection approach to better detect and block these attacks.
Fix: The paper proposes two enhancements to the masking-differential prompting (MDP) defense method: (1) adopting Jensen–Shannon (JS) divergence instead of Kullback–Leibler (KL) divergence to handle cases where anchor set information has insufficient density, keeping the divergence finite and better exploiting available data; and (2) proposing an adaptive threshold method that automatically searches for the threshold based on false rejection rate (FRR) allowance, replacing the computationally expensive manual threshold selection method using ROC curve (AUC).
IEEE Xplore (Security & AI Journals)This research addresses a problem in federated learning (a method where multiple computers train an AI model together without sharing raw data) combined with adversarial training (a technique that makes AI models resistant to intentionally tricky inputs). The authors found that simply combining these two approaches causes the model's accuracy to drop because adversarial training increases differences in the data across different computers, making the federated learning less effective. They propose SFAT (Slack Federated Adversarial Training), which uses a relaxation mechanism to adjust how the computers combine their learning results, reducing the harmful effects of data differences and improving overall performance.
Federated Learning (FL, a method where multiple computers train an AI model together without sharing raw data) can leak private information through gradient inversion attacks (GIA, techniques that reconstruct sensitive data from the mathematical updates used in training). This paper reviews three types of GIA methods and finds that while optimization-based GIA is most practical, generation-based and analytics-based GIA have significant limitations, and proposes a three-stage defense pipeline for FL frameworks.
Fix: The source mentions 'a three-stage defense pipeline to users when designing FL frameworks and protocols for better privacy protection,' but does not explicitly describe what this pipeline contains or how to implement it.
IEEE Xplore (Security & AI Journals)This research proposes SIAMD, a framework for detecting social media bots (automated accounts that spread misinformation) before they cause harm. The system analyzes patterns in how user accounts interact with messages, uses structural entropy (a measure of uncertainty in data patterns) to identify bot-like behavior, and generates synthetic bot messages with large language models (AI systems trained on text data) to test and improve detection systems.
Fix: Update Langflow to version 1.7.0, which fixes the issue.
NVD/CVE DatabaseFix: Update to version 1.7.0 or later, which contains a patch for this issue.
NVD/CVE DatabaseLLMs trained on copyrighted datasets risk generating text that infringes on copyright, and current detection methods struggle to identify which specific data sources influenced the output. Inner-Probe is a new lightweight framework that analyzes multihead attention (MHA, the mechanism LLMs use to focus on relevant parts of input when generating text) to better identify which copyrighted subdatasets contributed to generated text and to filter out noncopyrighted content, achieving significantly better accuracy and efficiency than existing approaches.
This paper addresses a problem in offline reinforcement learning (RL, a type of AI training that learns from pre-collected data without needing new real-world interaction) where Q value overestimation (the AI incorrectly thinking certain actions are better than they actually are) causes training problems in robotic tasks with many possible actions. The researchers propose MQR (most overestimated Q value regularization), an algorithm that specifically penalizes the single action with the worst overestimation rather than equally penalizing all actions, and demonstrate it achieves 99.04% success rates in real-world robotic grasping tasks.
The article argues that while AI language models (LLMs, systems trained on large amounts of text to generate responses) and traditional programming languages both increase abstraction, they differ fundamentally in a critical way: compilers are deterministic (they reliably produce the same output every time), while LLMs are nondeterministic (they produce different outputs for the same input). This matters for software security and correctness because compilers preserve the programmer's intended meaning through the translation process, but LLMs cannot guarantee they will generate code that does what you actually need.
The AIBOM Generator, an open-source tool that creates an AI Software Bill of Materials (AIBOM, a structured document listing key information about an AI model like its data sources and configurations), has been moved to OWASP (a nonprofit focused on software security) to enable broader community collaboration and development. The tool helps organizations understand what's inside AI models, where they came from, and how trustworthy their documentation is, addressing a gap between rapid AI adoption and lagging transparency practices. The project is now part of the OWASP GenAI Security Project and will continue improving AI supply chain visibility through community-driven enhancements.
This paper introduces PIRS, a system for private information retrieval (PIR, where a user can fetch data from a database without revealing which data they want). PIRS uses two servers and splits the retrieval process into an offline phase, where the client preprocesses the database to create hints, and an online phase, where the client uses those hints to securely retrieve records. Unlike existing approaches, PIRS allows clients to store hints on the servers instead of locally, reducing storage needs from gigabytes to kilobytes by using secret sharing (a technique where data is split into pieces that are useless individually but combine to reveal the original).
This research proposes LigSecOTA, a lightweight system for securely updating automotive software remotely without being hacked. Unlike existing systems that rely on digital certificates (cryptographic credentials identifying devices) based on physical identifiers that can be forged, LigSecOTA creates unique certificates based on timing information instead, and provides integrated security across authentication (verifying identity), confidentiality (keeping data private), integrity (ensuring data isn't tampered with), access control (limiting who can do what), and data freshness (confirming updates are current).
Fix: The source describes LigSecOTA itself as the proposed solution: a one-machine-one-certificate digital identity management system that issues unique digital certificates for each ECU (Electronic Control Unit, the computer in a vehicle) based on bit time information instead of physical identifiers. LigSecOTA ensures integrated security through three processes: authentication, authorization, and package distribution, with authorization dynamically providing keys for package distribution to enhance security.
IEEE Xplore (Security & AI Journals)