aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6493 items

Asynchronous Federated Learning With Nonconvex Client Objective Functions and Heterogeneous Dataset

inforesearchPeer-Reviewed
research
Oct 14, 2025

This research addresses challenges in asynchronous federated learning (AFL, a distributed machine learning approach where multiple devices train a model on their own data without sending raw data to a central server), specifically when devices have different types of objective functions and uneven data. The authors propose two main improvements: a staleness-aware aggregation mechanism (a method that reduces the influence of outdated updates from slower devices) and a dynamic learning rate schedule (an adaptive parameter that adjusts training speed based on how delayed each device's updates are) to improve model accuracy and stability in real-world environments where devices have different computing power and network speeds.

Fix: The source explicitly proposes two solutions: (1) 'a staleness-aware aggregation mechanism that penalizes outdated updates, ensuring fresher data have a more significant influence on the global model,' and (2) 'a dynamic learning rate schedule that adapts to client staleness and heterogeneity, improving stability and convergence.' The authors demonstrate practical implementation using 'PyTorch and Python's asyncio library.'

IEEE Xplore (Security & AI Journals)

A Mathematical Certification for Positivity Conditions in Neural Networks With Applications to Partial Monotonicity and Trustworthy AI

inforesearchPeer-Reviewed
research

CVE-2025-62364: text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Loc

mediumvulnerability
security
Oct 13, 2025
CVE-2025-62364

text-generation-webui (an open-source tool for running large language models through a web interface) versions 3.13 and earlier contain a Local File Inclusion vulnerability (a flaw where an attacker can read files they shouldn't have access to) in the character picture upload feature. An attacker can upload a text file with a symbolic link (a shortcut to another file) pointing to sensitive files, and the application will expose those files' contents through the web, potentially revealing passwords and system settings.

Action-Perturbation Backdoor Attacks on Partially Observable Multiagent Systems

inforesearchPeer-Reviewed
security

Advancing Biometric Authentication With Dual-Threshold Multi-Modal Systems and Geometric Programming for Enhanced Digital Security

inforesearchPeer-Reviewed
security

Do More With Less: Architecture-Agnostic and Data-Free Extraction Attack Against Tabular Model

inforesearchPeer-Reviewed
security

Really Unlearned? Verifying Machine Unlearning via Influential Sample Pairs

inforesearchPeer-Reviewed
security

Privacy Protection of Dual Averaging Push for Decentralized Optimization via Zero-Sum Structured Perturbations

inforesearchPeer-Reviewed
research

Engineering Trustworthy AI: A Developer Guide for Empirical Risk Minimization

inforesearchPeer-Reviewed
research

A Deep Reinforcement Learning Approach to Time Delay Differential Game Deception Resource Deployment

inforesearchPeer-Reviewed
research

Exploring Energy Landscapes for Minimal Counterfactual Explanations: Applications in Cybersecurity and Beyond

inforesearchPeer-Reviewed
research

CVE-2025-59286: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized at

criticalvulnerability
security
Oct 9, 2025
CVE-2025-59286

CVE-2025-59286 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting how special characters are handled) in Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability stems from improper neutralization of special elements used in commands. A CVSS score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.

CVE-2025-59272: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized at

criticalvulnerability
security
Oct 9, 2025
CVE-2025-59272

CVE-2025-59272 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into user input that gets executed by the system) in Copilot that allows an unauthorized attacker to disclose information locally. The vulnerability stems from improper handling of special characters in commands, and it has a CVSS 4.0 severity rating (a moderate severity score on a 0-10 scale).

CVE-2025-59252: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized at

criticalvulnerability
security
Oct 9, 2025
CVE-2025-59252

CVE-2025-59252 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into a system by exploiting improper handling of special characters) in Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability stems from improper neutralization of special elements used in commands. The CVSS severity score (a 0-10 rating of vulnerability severity) has not yet been assigned by NIST.

Mujaz: A Summarization-Based Approach for Normalized Vulnerability Description

inforesearchPeer-Reviewed
research

Secure and Efficient Personalized Multi-Receiver Data Sharing With Cross-Domain Authentication for Internet of Vehicles

inforesearchPeer-Reviewed
security

FGRW: Fine-Grained Reversible Watermarking Based on Distribution-Adaptive Contrastive Augmentation Across Diverse Domains

inforesearchPeer-Reviewed
research

DynMD: Energy-Based Dynamic Graph Representation Learning for Malware Detection

inforesearchPeer-Reviewed
research

CVE-2025-61913: Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, Wri

criticalvulnerability
security
Oct 8, 2025
CVE-2025-61913

Flowise is a visual tool for building custom LLM (large language model) workflows, but versions before 3.0.8 have a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its file read and write tools. Authenticated attackers could exploit this to read and write any files on the system, potentially leading to remote code execution (running malicious commands on the server).

CVE-2025-5009: In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable pub

lowvulnerability
securityprivacy
Previous241 / 325Next
safety
Oct 14, 2025

This research presents LipVor, an algorithm that mathematically verifies whether a trained neural network (a computer model with interconnected nodes that learns patterns) follows partial monotonicity constraints, which means outputs change predictably with certain inputs. The method works by testing the network at specific points and using mathematical properties to guarantee the network behaves correctly across its entire domain, potentially allowing neural networks to be used in critical applications like credit scoring where trustworthiness and predictable behavior are required.

IEEE Xplore (Security & AI Journals)

Fix: Update to version 3.14, where this vulnerability is fixed.

NVD/CVE Database
research
Oct 13, 2025

Researchers discovered a type of backdoor attack (hidden malicious instructions planted in AI systems) on multiagent reinforcement learning systems, where one adversary agent uses its actions to trigger hidden failures in other agents' decision-making policies. Unlike previous attacks that assumed unrealistic direct control over what victims observe, this attack is more practical because it works through normal agent interactions in partially observable environments (where agents cannot always see what others are doing). The researchers developed a training method to help adversary agents efficiently trigger these backdoors with minimal suspicious actions.

IEEE Xplore (Security & AI Journals)
Oct 13, 2025

This article describes BMMA-GPT, a biometric authentication system that uses multiple forms of identification (like fingerprints and facial recognition) together with mathematical optimization to improve security and speed. The system uses a dual-threshold approach (two decision points to verify identity) and can be tailored to different organizational needs, achieving high accuracy while keeping verification time under 1.5 seconds.

IEEE Xplore (Security & AI Journals)
research
Oct 13, 2025

Researchers developed TabExtractor, a tool that can steal tabular models (AI systems trained on spreadsheet-like data) without needing access to the original training data or knowing how the model was built. The attack works by creating synthetic data samples and using a special neural network architecture called a contrastive tabular transformer (CTT, a type of AI that learns by comparing similar and different examples) to reverse-engineer a clone of the victim model that performs almost as well as the original. This research shows that tabular models face serious security risks from extraction attacks.

IEEE Xplore (Security & AI Journals)
research
Oct 13, 2025

Machine unlearning allows AI models to forget the effects of specific training samples, but verifying whether this actually happened is difficult because existing checks (like backdoor attacks or membership inference attacks, which test if a model remembers data by trying to extract or manipulate it) can be fooled by a dishonest model provider who simply retrains the model to pass the test rather than truly unlearning. This paper proposes IndirectVerify, a formal verification method that uses pairs of connected samples (trigger samples that are unlearned and reaction samples that should be affected by that unlearning) with intentional perturbations (small changes to training data) to create indirect evidence that unlearning actually occurred, making it harder to fake.

IEEE Xplore (Security & AI Journals)
privacy
Oct 13, 2025

This research addresses privacy risks in decentralized optimization (where multiple networked computers work together to solve a problem without a central coordinator) by proposing ZS-DDAPush, an algorithm that adds mathematical noise structures to protect sensitive node information during communication. The key innovation is that ZS-DDAPush achieves privacy protection while maintaining the accuracy and efficiency of the optimization process, avoiding the typical trade-offs seen in other privacy methods like differential privacy (adding statistical noise to protect individual data) or encryption (scrambling data so only authorized parties can read it).

IEEE Xplore (Security & AI Journals)
safety
Oct 13, 2025

AI systems used for important decisions often rely on empirical risk minimization (ERM, a training method that reduces prediction errors on known data) to build models, but these systems can suffer from unintentional bias, lack of transparency, and other risks. The EU has established Ethics Guidelines requiring trustworthy AI to meet seven key requirements, yet current ERM-based design prioritizes accuracy over trustworthiness. This article argues that developers need to balance four core objectives when designing AI systems: fairness (not discriminating against groups), privacy (protecting user data), robustness (resisting intentional attacks like fake news), and explainability (being transparent about how decisions are made).

IEEE Xplore (Security & AI Journals)
security
Oct 10, 2025

This research proposes a new method for deploying cyber deception (defensive tricks to confuse attackers) in networks by combining deep reinforcement learning (a type of AI that learns by trial and error) with game theory that accounts for time delays. The method uses an algorithm called proximal policy optimization (PPO, a technique for training AI to make optimal decisions) to figure out where and when to place deception resources, and tests show it outperforms existing approaches in handling complex network attacks.

IEEE Xplore (Security & AI Journals)
Oct 10, 2025

This research presents a new method for generating counterfactual explanations (minimal changes needed to flip an AI model's prediction), which are a type of explainable AI that helps users understand why models make specific decisions. The approach combines physics concepts like energy minimization and simulated annealing (an optimization technique inspired by metallurgy) to find the smallest, most realistic modifications needed to change a model's output, with applications tested in cybersecurity for Internet of Things devices (networked physical devices like sensors and cameras).

IEEE Xplore (Security & AI Journals)
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Oct 9, 2025

Mujaz is a system that uses natural language processing (NLP, the field of AI that helps computers understand human language) to automatically clean up and summarize vulnerability descriptions found in public databases. The system was trained on a collection of carefully labeled vulnerability summaries and uses pre-trained language models (AI systems trained on large amounts of text) to create clearer, more consistent descriptions that help developers and organizations understand and patch security issues more effectively.

IEEE Xplore (Security & AI Journals)
Oct 9, 2025

This research paper proposes a new cryptographic method for secure data sharing in Internet of Vehicles (IoV, a system where vehicles communicate with each other and road infrastructure). The method uses Certificateless Signcryption (CLSC, a technique that encrypts data and verifies its authenticity without requiring traditional certificates) to allow one sender to securely share customized data with multiple specific receivers while keeping it hidden from others, even across different geographic regions. The proposed approach reduces computational complexity and includes privacy protections through pseudonym generation (creating fake identities).

IEEE Xplore (Security & AI Journals)
security
Oct 9, 2025

This paper describes a new watermarking technique (a method to embed hidden ownership markers into AI models) that remains stable when models are fine-tuned (adjusted to perform new tasks) across different domains. The researchers propose a system that automatically adjusts synthetic training samples and watermark embedding based on the specific data, using out-of-distribution awareness (detecting when data differs significantly from expected patterns) to keep the watermark robust while maintaining the model's performance on its actual task.

IEEE Xplore (Security & AI Journals)
Oct 9, 2025

This paper presents DynMD, a new machine learning model that uses Graph Neural Networks (GNNs, which are AI systems that analyze connected data points and their relationships) to detect malware by analyzing streaming behavioral data (information about what a program does over time). Unlike previous approaches that miss how malware behaviors connect over time, DynMD uses an energy-based method to better understand malware patterns and can detect threats 3.81 to 5.33 times faster than existing systems.

IEEE Xplore (Security & AI Journals)

Fix: Upgrade to Flowise version 3.0.8, which fixes this vulnerability. The patch is available at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8.

NVD/CVE Database
Oct 8, 2025
CVE-2025-5009

CVE-2025-5009 is a privacy bug in Google's Gemini iOS app where sharing a snippet of a conversation accidentally shared the entire conversation history through a public link instead of just the selected part. This exposed users' full conversation data, including private information they didn't intend to share.

NVD/CVE Database