aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6449 items

Model-Based Offline Reinforcement Learning With Adversarial Data Augmentation

inforesearchPeer-Reviewed
research
Dec 2, 2025

Model-based offline reinforcement learning (RL, where an AI learns to make decisions from a fixed dataset without interacting with a live environment) struggles because static data makes it hard to develop robust policies. This paper introduces MORAL, which uses adversarial data augmentation (a technique where competing AI models deliberately generate challenging training examples to improve robustness) to dynamically enrich training data and improve policy learning instead of using traditional fixed rollout methods.

IEEE Xplore (Security & AI Journals)

User Isolation Poisoning on Decentralized Federated Learning: An Adversarial Message-Passing Graph Neural Network Approach

inforesearchPeer-Reviewed
security

CVE-2025-66448: vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote co

highvulnerability
security
Dec 1, 2025
CVE-2025-66448

vLLM (a tool for running large language models) versions before 0.11.1 have a critical security flaw where loading a model configuration can execute malicious code from the internet without the user's permission. An attacker can create a fake model that appears safe but secretly downloads and runs harmful code from another location, even when users try to block remote code by setting trust_remote_code=False (a security setting meant to prevent exactly this).

AI Safety Newsletter #66: Evaluating Frontier Models, New Gemini and Claude, Preemption is Back

infonews
safetyresearch

CVE-2025-49642: Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directo

infovulnerability
security
Dec 1, 2025
CVE-2025-49642

A vulnerability (CVE-2025-49642) in Zabbix Agent on AIX systems allows local users with write access to the /home/cecuser directory to hijack library loading, potentially gaining unauthorized access or modifying the system. This is rated as medium severity (CVSS score of 5.8, a 0-10 vulnerability rating scale) and exploits untrusted search paths (directories the system checks when looking for required files).

Privacy-Preserving Proxy Bilateral Access Control for Secure Data Forwarding

inforesearchPeer-Reviewed
research

Frequency Bias Matters: Diving Into Robust and Generalized Deep Image Forgery Detection

inforesearchPeer-Reviewed
security

The Impact of Digit Semantic Patterns on Password Security

inforesearchPeer-Reviewed
security

CVE-2025-66201: LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-sid

highvulnerability
security
Nov 29, 2025
CVE-2025-66201

LibreChat, a ChatGPT alternative with extra features, had a vulnerability in versions before 0.8.1-rc2 where an authenticated user could exploit the "Actions" feature by uploading malicious OpenAPI specs (interface documents that describe how to connect to external services) to perform SSRF (server-side request forgery, where the server itself is tricked into accessing restricted URLs on the attacker's behalf). This could allow attackers to reach sensitive services like cloud metadata endpoints that are normally hidden from regular users.

CVE-2025-12638: Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extractin

highvulnerability
security
Nov 28, 2025
CVE-2025-12638

Keras version 3.11.3 has a path traversal vulnerability (a security flaw where attackers can write files outside the intended directory) in the keras.utils.get_file() function when extracting tar archives (compressed file formats). The function fails to properly validate file paths during extraction, allowing an attacker to write files anywhere on the system, potentially compromising it or executing malicious code.

A Generative AI Application for Qualitative Automatic Population of Multimedia Knowledge Graphs

inforesearchPeer-Reviewed
research

CVE-2025-13381: The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due t

mediumvulnerability
security
Nov 27, 2025
CVE-2025-13381

The AI ChatBot with ChatGPT and Content Generator plugin for WordPress (versions up to 2.7.0) has a missing authorization check (a security control that verifies a user has permission to perform an action) in its 'ays_chatgpt_save_wp_media' function, allowing unauthenticated attackers to upload media files without logging in. This vulnerability affects all versions through 2.7.0.

CVE-2025-13378: The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forge

mediumvulnerability
security
Nov 27, 2025
CVE-2025-13378

CVE-2025-13378 is a vulnerability in the AI ChatBot with ChatGPT and Content Generator plugin for WordPress that allows SSRF (server-side request forgery, where an attacker tricks a server into making unwanted network requests on their behalf). The vulnerability exists in the plugin code, with references to affected code in versions 2.6.9 and earlier.

FedFlex: Protecting Shared Features in Vertical Federated Learning via Differential Privacy

inforesearchPeer-Reviewed
security

CVE-2025-62593: Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited

criticalvulnerability
security
Nov 26, 2025
CVE-2025-62593

Ray, an AI compute engine, had a critical vulnerability before version 2.52.0 that allowed attackers to run code on a developer's computer (RCE, or remote code execution) through Firefox and Safari browsers. The vulnerability exploited a weak security check that only looked at the User-Agent header (a piece of information browsers send to websites) combined with DNS rebinding attacks (tricks that redirect browser requests to unexpected servers), allowing attackers to compromise developers who visited malicious websites or ads.

CVE-2021-4472: The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' featur

mediumvulnerability
security
Nov 26, 2025
CVE-2021-4472

The mistral-dashboard plugin for OpenStack (a cloud computing platform) has a local file inclusion vulnerability (a flaw that lets attackers read files they shouldn't access) in its 'Create Workbook' feature, which could expose sensitive file contents on the affected system.

v5.1.1

inforesearchIndustry
industry

Dual-Locking Learned AI Models: A PIN-Based Sparse QIM Watermarking and Adaptive Index Permutation Approach

inforesearchPeer-Reviewed
research

Deep Learning With Data Privacy via Residual Perturbation

inforesearchPeer-Reviewed
research

CVE-2025-62703: Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Da

highvulnerability
security
Nov 25, 2025
CVE-2025-62703

Fugue is a tool that lets developers run Python, Pandas, and SQL code across distributed computing systems like Spark, Dask, and Ray. Versions 0.9.2 and earlier have a remote code execution vulnerability (RCE, where attackers can run arbitrary code on a victim's machine) in the RPC server because it deserializes untrusted data using cloudpickle.loads() without checking if the data is safe first. An attacker can send malicious serialized Python objects to the server, which will execute on the victim's machine.

Previous233 / 323Next
research
Dec 2, 2025

Researchers have identified a new attack called user isolation poisoning (UIP) that targets decentralized federated learning (DFL, a system where multiple computers train AI models together without sending raw data to a central server). A malicious participant in DFL can use an adversarial message-passing graph neural network (a type of AI model that shares information between connected nodes) to strategically corrupt their model updates, which tricks the system into ignoring honest participants' contributions and reduces the overall accuracy of the shared model by up to 49.5%.

IEEE Xplore (Security & AI Journals)

Fix: This vulnerability is fixed in vLLM version 0.11.1. Users should update to this version or later.

NVD/CVE Database
Dec 1, 2025

The Center for AI Safety launched an AI Dashboard that evaluates frontier AI models (the most advanced AI systems currently available) on capability and safety benchmarks, ranking them across text, vision, and risk categories. The Risk Index specifically measures how likely models are to exhibit dangerous behaviors like dual-use biology assistance (helping with harmful biological research), jailbreaking vulnerability (susceptibility to tricks that bypass safety features), overconfidence, deception, and harmful actions, with Claude Opus 4.5 currently scoring safest at 33.6 on a 0-100 scale (lower is safer). The dashboard also tracks industry progress toward broader automation milestones like AGI (artificial general intelligence, systems that can perform any intellectual task) and self-driving vehicles.

CAIS AI Safety Newsletter
NVD/CVE Database
Dec 1, 2025

This research addresses limitations in proxy re-encryption (a technique that converts encrypted data so one user can decrypt it and another user can read it instead) by proposing a new system called privacy-preserving proxy bilateral access control. The new system allows both the sender and receiver to set rules about what data can be shared, while protecting the message from being read by unauthorized parties and from being altered or forged during forwarding through multiple nodes.

IEEE Xplore (Security & AI Journals)
research
Dec 1, 2025

AI-generated image forgeries created by tools like GANs (generative adversarial networks, AI models that create fake images) are hard to detect reliably, especially when facing new types of fakes or noisy images. Researchers found that forgery detectors fail because of frequency bias (a tendency to focus on certain patterns in image data while ignoring others), and they developed a frequency alignment method that can either attack these detectors or strengthen them by removing differences between real and fake images in how they look at the frequency level.

Fix: The source proposes a two-step frequency alignment method to remove the frequency discrepancy between real and fake images. According to the text, this method 'can serve as a strong black-box attack against forgery detectors in the anti-forensic context or, conversely, as a universal defense to improve detector reliability in the forensic context.' The authors developed corresponding attack and defense implementations and demonstrated their effectiveness across twelve detectors, eight forgery models, and five evaluation metrics.

IEEE Xplore (Security & AI Journals)
Dec 1, 2025

Current password strength meters in IoT systems (internet-connected devices) incorrectly rate passwords as secure when they contain certain number patterns, causing users to create passwords that are actually weak. Researchers discovered that numbers in passwords follow predictable semantic patterns (like common sequences or meaningful digit combinations), which attackers can exploit using improved PCFG attacks (a method that guesses passwords by learning common patterns from leaked databases). The study proposes updating password strength meters to account for these digit patterns when evaluating password security.

Fix: The source proposes "a feasible scheme to improve the password strength meter for IoT systems based on the high-frequency semantic characteristics of digit segments" but does not provide specific implementation details, code, or concrete steps in the text provided.

IEEE Xplore (Security & AI Journals)

Fix: Update LibreChat to version 0.8.1-rc2 or later, where this issue has been patched.

NVD/CVE Database
NVD/CVE Database
Nov 28, 2025

This research proposes using generative AI (AI systems that can create new content) to automatically build multimedia knowledge graphs (MKGs, which are tools that organize data by showing how images, text, and other media relate to each other). The approach uses a quality index (QI, a computed score that measures how good generated images are) to evaluate synthetic images, reducing manual review work while keeping expert judgment for difficult or safety-critical decisions.

IEEE Xplore (Security & AI Journals)

Fix: Update to version 2.7.1 or later, which includes a fix for the missing authorization check as shown in the changeset referenced in the vulnerability report.

NVD/CVE Database

Fix: The vulnerability was fixed in version 2.7.1, as shown by the changeset comparison between version 2.6.9 and version 2.7.1 of the admin file in the WordPress plugin repository.

NVD/CVE Database
privacy
Nov 27, 2025

Vertical federated learning (VFL, a method where multiple parties train an AI model together by sharing features derived from their local data without sharing the raw data itself) can leak sensitive information through the shared features, making them vulnerable to attacks like reconstruction and inference (where attackers try to figure out or recreate the original data). FedFlex is a new framework that protects these shared features by combining VFL with differential privacy (DP, a technique that adds noise to data to hide individual information), first adding a fixed amount of noise and then automatically adjusting how features are shared to improve accuracy while maintaining privacy protection.

Fix: FedFlex addresses the problem through a two-step integration approach: first, it achieves generic protection by adding a task-agnostic amount of noise; subsequently, it adaptively adjusts the scale and distribution of the features to be shared in a trainable manner, thereby enhancing model accuracy under the added noise.

IEEE Xplore (Security & AI Journals)

Fix: Update to Ray version 2.52.0 or later, as this issue has been patched in that version.

NVD/CVE Database
NVD/CVE Database
Nov 26, 2025

N/A -- This content is a website navigation menu and product listing for GitHub's development platform features, not a technical article about an AI/LLM issue, vulnerability, or problem.

MITRE ATLAS Releases
security
Nov 26, 2025

Researchers developed a dual-locking security method for protecting trained neural networks by combining two techniques: a PIN (personal identification number)-based watermark embedded in the network's bias coefficients, and a cryptographic key that scrambles the network's internal index vectors. When locked without the correct key, the network becomes nearly non-functional (dropping accuracy below 10%), but unlocking with the right key fully restores its performance while keeping the ownership watermark hidden inside the model.

IEEE Xplore (Security & AI Journals)
privacy
Nov 26, 2025

This research proposes a new method for protecting data privacy in deep learning (training AI models on sensitive data) by adding Gaussian noise (random values from a bell-curve distribution) to ResNets (a type of neural network with skip connections). The method aims to provide differential privacy (a mathematical guarantee that an individual's data cannot be easily identified from the model's results) while maintaining better accuracy and speed than existing privacy-protection techniques like DPSGD (differentially private stochastic gradient descent, a slower privacy-focused training method).

IEEE Xplore (Security & AI Journals)

Fix: This issue has been patched via commit 6f25326.

NVD/CVE Database