All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Model-based offline reinforcement learning (RL, where an AI learns to make decisions from a fixed dataset without interacting with a live environment) struggles because static data makes it hard to develop robust policies. This paper introduces MORAL, which uses adversarial data augmentation (a technique where competing AI models deliberately generate challenging training examples to improve robustness) to dynamically enrich training data and improve policy learning instead of using traditional fixed rollout methods.
vLLM (a tool for running large language models) versions before 0.11.1 have a critical security flaw where loading a model configuration can execute malicious code from the internet without the user's permission. An attacker can create a fake model that appears safe but secretly downloads and runs harmful code from another location, even when users try to block remote code by setting trust_remote_code=False (a security setting meant to prevent exactly this).
A vulnerability (CVE-2025-49642) in Zabbix Agent on AIX systems allows local users with write access to the /home/cecuser directory to hijack library loading, potentially gaining unauthorized access or modifying the system. This is rated as medium severity (CVSS score of 5.8, a 0-10 vulnerability rating scale) and exploits untrusted search paths (directories the system checks when looking for required files).
LibreChat, a ChatGPT alternative with extra features, had a vulnerability in versions before 0.8.1-rc2 where an authenticated user could exploit the "Actions" feature by uploading malicious OpenAPI specs (interface documents that describe how to connect to external services) to perform SSRF (server-side request forgery, where the server itself is tricked into accessing restricted URLs on the attacker's behalf). This could allow attackers to reach sensitive services like cloud metadata endpoints that are normally hidden from regular users.
Keras version 3.11.3 has a path traversal vulnerability (a security flaw where attackers can write files outside the intended directory) in the keras.utils.get_file() function when extracting tar archives (compressed file formats). The function fails to properly validate file paths during extraction, allowing an attacker to write files anywhere on the system, potentially compromising it or executing malicious code.
The AI ChatBot with ChatGPT and Content Generator plugin for WordPress (versions up to 2.7.0) has a missing authorization check (a security control that verifies a user has permission to perform an action) in its 'ays_chatgpt_save_wp_media' function, allowing unauthenticated attackers to upload media files without logging in. This vulnerability affects all versions through 2.7.0.
CVE-2025-13378 is a vulnerability in the AI ChatBot with ChatGPT and Content Generator plugin for WordPress that allows SSRF (server-side request forgery, where an attacker tricks a server into making unwanted network requests on their behalf). The vulnerability exists in the plugin code, with references to affected code in versions 2.6.9 and earlier.
Ray, an AI compute engine, had a critical vulnerability before version 2.52.0 that allowed attackers to run code on a developer's computer (RCE, or remote code execution) through Firefox and Safari browsers. The vulnerability exploited a weak security check that only looked at the User-Agent header (a piece of information browsers send to websites) combined with DNS rebinding attacks (tricks that redirect browser requests to unexpected servers), allowing attackers to compromise developers who visited malicious websites or ads.
The mistral-dashboard plugin for OpenStack (a cloud computing platform) has a local file inclusion vulnerability (a flaw that lets attackers read files they shouldn't access) in its 'Create Workbook' feature, which could expose sensitive file contents on the affected system.
Fugue is a tool that lets developers run Python, Pandas, and SQL code across distributed computing systems like Spark, Dask, and Ray. Versions 0.9.2 and earlier have a remote code execution vulnerability (RCE, where attackers can run arbitrary code on a victim's machine) in the RPC server because it deserializes untrusted data using cloudpickle.loads() without checking if the data is safe first. An attacker can send malicious serialized Python objects to the server, which will execute on the victim's machine.
Researchers have identified a new attack called user isolation poisoning (UIP) that targets decentralized federated learning (DFL, a system where multiple computers train AI models together without sending raw data to a central server). A malicious participant in DFL can use an adversarial message-passing graph neural network (a type of AI model that shares information between connected nodes) to strategically corrupt their model updates, which tricks the system into ignoring honest participants' contributions and reduces the overall accuracy of the shared model by up to 49.5%.
Fix: This vulnerability is fixed in vLLM version 0.11.1. Users should update to this version or later.
NVD/CVE DatabaseThe Center for AI Safety launched an AI Dashboard that evaluates frontier AI models (the most advanced AI systems currently available) on capability and safety benchmarks, ranking them across text, vision, and risk categories. The Risk Index specifically measures how likely models are to exhibit dangerous behaviors like dual-use biology assistance (helping with harmful biological research), jailbreaking vulnerability (susceptibility to tricks that bypass safety features), overconfidence, deception, and harmful actions, with Claude Opus 4.5 currently scoring safest at 33.6 on a 0-100 scale (lower is safer). The dashboard also tracks industry progress toward broader automation milestones like AGI (artificial general intelligence, systems that can perform any intellectual task) and self-driving vehicles.
This research addresses limitations in proxy re-encryption (a technique that converts encrypted data so one user can decrypt it and another user can read it instead) by proposing a new system called privacy-preserving proxy bilateral access control. The new system allows both the sender and receiver to set rules about what data can be shared, while protecting the message from being read by unauthorized parties and from being altered or forged during forwarding through multiple nodes.
AI-generated image forgeries created by tools like GANs (generative adversarial networks, AI models that create fake images) are hard to detect reliably, especially when facing new types of fakes or noisy images. Researchers found that forgery detectors fail because of frequency bias (a tendency to focus on certain patterns in image data while ignoring others), and they developed a frequency alignment method that can either attack these detectors or strengthen them by removing differences between real and fake images in how they look at the frequency level.
Fix: The source proposes a two-step frequency alignment method to remove the frequency discrepancy between real and fake images. According to the text, this method 'can serve as a strong black-box attack against forgery detectors in the anti-forensic context or, conversely, as a universal defense to improve detector reliability in the forensic context.' The authors developed corresponding attack and defense implementations and demonstrated their effectiveness across twelve detectors, eight forgery models, and five evaluation metrics.
IEEE Xplore (Security & AI Journals)Current password strength meters in IoT systems (internet-connected devices) incorrectly rate passwords as secure when they contain certain number patterns, causing users to create passwords that are actually weak. Researchers discovered that numbers in passwords follow predictable semantic patterns (like common sequences or meaningful digit combinations), which attackers can exploit using improved PCFG attacks (a method that guesses passwords by learning common patterns from leaked databases). The study proposes updating password strength meters to account for these digit patterns when evaluating password security.
Fix: The source proposes "a feasible scheme to improve the password strength meter for IoT systems based on the high-frequency semantic characteristics of digit segments" but does not provide specific implementation details, code, or concrete steps in the text provided.
IEEE Xplore (Security & AI Journals)Fix: Update LibreChat to version 0.8.1-rc2 or later, where this issue has been patched.
NVD/CVE DatabaseThis research proposes using generative AI (AI systems that can create new content) to automatically build multimedia knowledge graphs (MKGs, which are tools that organize data by showing how images, text, and other media relate to each other). The approach uses a quality index (QI, a computed score that measures how good generated images are) to evaluate synthetic images, reducing manual review work while keeping expert judgment for difficult or safety-critical decisions.
Fix: Update to version 2.7.1 or later, which includes a fix for the missing authorization check as shown in the changeset referenced in the vulnerability report.
NVD/CVE DatabaseFix: The vulnerability was fixed in version 2.7.1, as shown by the changeset comparison between version 2.6.9 and version 2.7.1 of the admin file in the WordPress plugin repository.
NVD/CVE DatabaseVertical federated learning (VFL, a method where multiple parties train an AI model together by sharing features derived from their local data without sharing the raw data itself) can leak sensitive information through the shared features, making them vulnerable to attacks like reconstruction and inference (where attackers try to figure out or recreate the original data). FedFlex is a new framework that protects these shared features by combining VFL with differential privacy (DP, a technique that adds noise to data to hide individual information), first adding a fixed amount of noise and then automatically adjusting how features are shared to improve accuracy while maintaining privacy protection.
Fix: FedFlex addresses the problem through a two-step integration approach: first, it achieves generic protection by adding a task-agnostic amount of noise; subsequently, it adaptively adjusts the scale and distribution of the features to be shared in a trainable manner, thereby enhancing model accuracy under the added noise.
IEEE Xplore (Security & AI Journals)Fix: Update to Ray version 2.52.0 or later, as this issue has been patched in that version.
NVD/CVE DatabaseN/A -- This content is a website navigation menu and product listing for GitHub's development platform features, not a technical article about an AI/LLM issue, vulnerability, or problem.
Researchers developed a dual-locking security method for protecting trained neural networks by combining two techniques: a PIN (personal identification number)-based watermark embedded in the network's bias coefficients, and a cryptographic key that scrambles the network's internal index vectors. When locked without the correct key, the network becomes nearly non-functional (dropping accuracy below 10%), but unlocking with the right key fully restores its performance while keeping the ownership watermark hidden inside the model.
This research proposes a new method for protecting data privacy in deep learning (training AI models on sensitive data) by adding Gaussian noise (random values from a bell-curve distribution) to ResNets (a type of neural network with skip connections). The method aims to provide differential privacy (a mathematical guarantee that an individual's data cannot be easily identified from the model's results) while maintaining better accuracy and speed than existing privacy-protection techniques like DPSGD (differentially private stochastic gradient descent, a slower privacy-focused training method).
Fix: This issue has been patched via commit 6f25326.
NVD/CVE Database