All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
AI models can now find software vulnerabilities (weaknesses that attackers can exploit) much faster than humans can fix them, exposing decades of poorly-secured software code. This creates an urgent need for governments, companies, and infrastructure operators to work together on coordinated fixes, patch management (applying software updates), and automated vulnerability repair before attackers use AI to exploit these weaknesses at scale.
Fix: The article calls for 'accelerated remediation, large-scale patch management coordination, and sustained investment in automated vulnerability repair capabilities,' but does not describe specific technical fixes or mitigation steps. N/A -- no explicit patch, version update, or detailed mitigation procedure is provided in the source.
Schneier on Security
Anthropic, an AI company, has filed paperwork with the SEC (Securities and Exchange Commission, the U.S. agency that oversees stock markets) to begin the process of going public, meaning it will offer shares of the company for people to buy on the stock market. The company is currently valued at $965 billion, making it more valuable than its competitor OpenAI.
Anthropic, the company behind Claude (a popular AI chatbot), has filed confidentially to become a publicly traded company on the US stock market. The announcement reflects the growing financial competition in the AI industry, with Anthropic's valuation rising dramatically from $380 billion in February to $965 billion after a recent $65 billion funding round.
Microsoft is holding its Build developer conference to showcase new AI capabilities and rebuild trust with developers, who have lost confidence in Windows and GitHub. The company plans to announce new AI models integrated into Windows, a new reasoning model (an AI system designed to work through complex problems step-by-step), and a Copilot super app (a unified interface for multiple AI assistant features).
The `PATCH /workspaces/{id}` endpoint in praisonai-platform allows any workspace member to change the workspace's name, description, and settings (a free-form JSON configuration object) because the handler only verifies that the caller is a member, not that the caller holds an owner-level role. Because settings is free-form JSON, the impact depends on what the platform reads from that field: a hostile member could, for example, point API calls at a server they control, disable logging, or change other critical configuration that should be reserved to owners.
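The membership-only check beside an owner-only, allow-listed one, as an added example that is not praisonai-platform's code. The `Workspace` model, the role names, the settings keys, the trusted-host list and the `outbound_api_url` consumer are all assumptions made to illustrate the class of bug described above:

```python
"""Owner-only workspace updates: the membership-only check beside the corrected one.

Added example, not praisonai-platform's code. The Workspace model, role names,
settings keys and allow-lists are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Any
from urllib.parse import urlparse


class Forbidden(Exception):
    """Raised when the caller lacks the role the operation requires."""


@dataclass
class Workspace:
    id: str
    name: str
    settings: dict[str, Any] = field(default_factory=dict)
    roles: dict[str, str] = field(default_factory=dict)  # user_id -> "owner" or "member"


def sample_workspace() -> Workspace:
    """Constructed sample: alice owns the workspace, bob is a plain member."""
    return Workspace(
        id="ws-1",
        name="research",
        settings={"api_base_url": "https://api.example.internal", "audit_log": True},
        roles={"alice": "owner", "bob": "member"},
    )


def patch_workspace_vulnerable(ws: Workspace, user_id: str, body: dict[str, Any]) -> Workspace:
    """Membership is the only check, so any member can rewrite the settings object."""
    if user_id not in ws.roles:
        raise Forbidden("not a workspace member")
    if "name" in body:
        ws.name = body["name"]
    if "settings" in body:
        ws.settings.update(body["settings"])  # free-form JSON merged as-is
    return ws


# Settings an owner may change, with the type each must have (assumed schema).
ALLOWED_SETTINGS = {"api_base_url": str, "audit_log": bool}
# Hosts the platform is allowed to send API calls to (assumed deployment allow-list).
TRUSTED_API_HOSTS = {"api.example.internal"}


def patch_workspace_fixed(ws: Workspace, user_id: str, body: dict[str, Any]) -> Workspace:
    """Require the owner role, then validate settings against an allow-list before applying."""
    if ws.roles.get(user_id) != "owner":
        raise Forbidden("owner role required")
    new_settings = body.get("settings", {})
    for key, value in new_settings.items():
        expected = ALLOWED_SETTINGS.get(key)
        if expected is None or not isinstance(value, expected):
            raise ValueError(f"setting {key!r} not allowed or has wrong type")
    if "api_base_url" in new_settings:
        host = urlparse(new_settings["api_base_url"]).hostname
        if host not in TRUSTED_API_HOSTS:
            raise ValueError(f"api_base_url host {host!r} is not trusted")
    # All checks passed: apply the update.
    if "name" in body:
        ws.name = body["name"]
    ws.settings.update(new_settings)
    return ws


def outbound_api_url(ws: Workspace, path: str) -> str:
    """A consumer of the settings object: where the platform would send API calls."""
    return ws.settings["api_base_url"].rstrip("/") + "/" + path.lstrip("/")
```

The role check alone closes the reported bug; the allow-list and host check are the defence-in-depth layer a practitioner would add anyway, because a free-form settings object that downstream code trusts is a configuration-injection sink whether or not the caller is an owner.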
Flowise, an open-source platform for building self-hosted AI assistants, has a critical remote code execution (RCE, where attackers can run commands on a system they don't own) vulnerability in its Model Context Protocol (MCP, a system that lets AI agents interact with local tools and files) stdio server implementation. The flaw allows attackers to execute arbitrary commands with the privileges of the Flowise process by importing a malicious chatflow, and Flowise's attempted patches using input validation have proven ineffective.
OpenAI is building The Barn, a 1GW data center campus (a facility that processes and stores data for AI systems) in Michigan, with commitments to protect local residents from infrastructure costs, preserve water resources through closed-loop cooling, create thousands of union construction and permanent jobs, and invest $10 million in community improvements. The company is also providing up to $45 million in Codex credits (free access to AI coding tools) to over 400,000 Michigan college and trade school students, along with AI literacy and workforce training programs to help students develop skills for AI-related jobs.
ChatGPT's arrival in 2022 disrupted the venture capital landscape, making hundreds of startups built before this AI boom appear outdated and overvalued. Over 220 companies that had reached "unicorn" status (valued at $1 billion or more) are now worth significantly less, with startups from 2021 down 68% in value on average, because they lack AI-native products and investors have redirected funding toward AI-focused companies instead.
Nvidia has launched a new chip called RTX Spark PC designed for Windows computers that brings AI capabilities directly to laptops and desktop computers, potentially allowing AI agents to replace traditional input methods like mice and keyboards. This move positions Nvidia in competition with other major chip makers like Intel, Apple, Qualcomm, and AMD in the AI chip market.
Anthropic is giving the European Union access to Mythos, its most advanced AI model, after months of requests due to cybersecurity concerns. Mythos excels at finding security flaws in software (vulnerabilities, or weaknesses in code), but officials worry bad actors could misuse it to accelerate cybercrimes by exploiting thousands of previously unknown weaknesses. The EU is still working out the exact terms of the deal and discussing AI risks with partner countries.
AI-generated music is becoming widespread in the music industry, with over 50,000 AI-generated songs uploaded daily to streaming platforms, making it harder to identify and filter out. The Recording Academy, which runs the Grammy Awards, currently has rules that exclude AI music from eligibility, but the CEO acknowledges that AI tools like Suno are now omnipresent in music production sessions.
TrustSearch is a system that performs reverse image search (finding similar images in a database) on encrypted data stored in the cloud while protecting user privacy. It uses Intel SGX (a trusted execution environment, which is a secure area on a processor where sensitive operations can run protected from outside access) so that images are decrypted and compared only inside the enclave, never exposed in plaintext to the cloud provider's host software, but the design had to be optimized because SGX enclaves have limited memory and processing resources.
This research introduces QAFD (Quality-Assisted Forgery Detection), a new system for detecting AI-generated images by analyzing both visual features and quality-related artifacts that different generative models produce. The system uses a quality-guided approach to help AI models better understand degradation patterns in fake images, allowing it to detect AI-generated content more reliably even when tested on unseen generative models and images that have been edited after creation.
Ridesharing apps need to protect user location privacy, but adding random noise to locations (Laplace noise, a mathematical technique that obscures exact positions) makes it harder to match drivers with passengers efficiently. This paper proposes using linear programming (a mathematical optimization method for finding the best solution among many options) to solve the real-time matching problem between ridesharing requests and drivers while maintaining both privacy and matching quality.
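The privacy/utility trade-off described above, as an added illustration that is not the paper's code. Per-coordinate Laplace noise stands in for the paper's location obfuscation, and because the assignment problem's LP relaxation has an integral optimum, exhaustive search over permutations returns the same matching a linear program would on a small instance (so the example shows the effect, not the paper's solver). The rider and driver coordinates are constructed, and the number of riders is assumed to equal the number of drivers:

```python
"""Laplace-obfuscated rider locations vs. matching quality (added example, not the paper's code)."""
import math
import random
from itertools import permutations

# Constructed sample: three riders, three drivers, each driver about one unit from a rider.
RIDERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
DRIVERS = [(1.0, 0.0), (10.0, 1.0), (0.0, 9.0)]


def laplace(rng: random.Random, scale: float) -> float:
    """One Laplace(0, scale) sample via the inverse CDF."""
    u = rng.random() - 0.5
    while abs(u) >= 0.5:  # avoid log(0) on the measure-zero boundary
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def obfuscate(points, epsilon: float, rng: random.Random):
    """Add independent Laplace noise of scale 1/epsilon to each coordinate."""
    scale = 1.0 / epsilon
    return [(x + laplace(rng, scale), y + laplace(rng, scale)) for x, y in points]


def dist(p, q) -> float:
    return math.hypot(p[0] - q[0], p[1] - q[1])


def best_assignment(riders, drivers):
    """Minimum-total-distance one-to-one matching by exhaustive search (small n only)."""
    n = len(riders)
    best_perm, best_cost = None, math.inf
    for perm in permutations(range(n)):
        cost = sum(dist(riders[i], drivers[perm[i]]) for i in range(n))
        if cost < best_cost:
            best_perm, best_cost = perm, cost
    return list(best_perm), best_cost


def true_cost(riders, drivers, assignment) -> float:
    """Distance drivers actually travel when the matching was computed on noisy locations."""
    return sum(dist(riders[i], drivers[j]) for i, j in enumerate(assignment))


def evaluate(riders, drivers, epsilon: float, seed: int = 1):
    """Return (optimal cost on true locations, true cost of the matching made on noisy locations)."""
    rng = random.Random(seed)
    _, opt_cost = best_assignment(riders, drivers)
    noisy_riders = obfuscate(riders, epsilon, rng)
    noisy_assignment, _ = best_assignment(noisy_riders, drivers)
    return opt_cost, true_cost(riders, drivers, noisy_assignment)


if __name__ == "__main__":
    for eps in (0.05, 0.2, 1.0, 1e6):
        opt, noisy = evaluate(RIDERS, DRIVERS, eps)
        print(f"epsilon={eps:<8} optimal={opt:.2f} achieved={noisy:.2f}")
```

Smaller epsilon means more noise and stronger location privacy; the achieved cost can never beat the optimum computed on true locations, and the gap between the two columns is the matching-quality loss the paper's LP formulation is trying to keep small.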
Large language models raise privacy concerns because the knowledge they learn becomes deeply entangled in their structure, making it hard to make them "forget" specific information. Researchers developed a privacy-preserving machine unlearning method (a technique to remove learned data from AI models) that eliminates high-risk information from model outputs and uses differentially-private randomization (adding statistical noise to hide sensitive data) to ensure unlearned information cannot be identified, without requiring model parameter adjustments.
Fix: The proposed solution eliminates the impact of targeted information by removing high-risk semantic meanings from the model's output and incorporates differentially-private randomization to make the unlearned information statistically indiscernible. The algorithm requires neither parametric fine-tuning nor in-context prompt calibration.
IEEE Xplore (Security & AI Journals)
This paper addresses the problem of detecting partially spoofed utterances (audio that contains both real and fake segments mixed together) without needing labeled data marking where the fake parts are. The researchers propose FMG, a method using Graph Neural Networks (GNNs, a type of AI model that understands relationships between connected pieces of data) to better track how different audio segments relate to each other over time and to identify which segments are likely fake.
BadBone is a backdoor attack (a type of hidden vulnerability where an attacker secretly compromises a model to make it misbehave on specific tasks) that targets backbone models (large pre-trained neural networks that serve as the foundation for smaller AI systems) used in prompt learning (a technique where users guide AI behavior by providing example inputs called prompts). The attack is stealthy because it hides the backdoor in the backbone model rather than in the prompt learning process itself, so downstream tasks using prompt learning inherit the vulnerability while the model appears to work normally. Testing shows that current security defenses against backdoors are largely ineffective against BadBone, indicating the need for stronger protections.
This research proposes a new encryption method called registered attribute-based encryption (RABE, a cryptographic technique that controls who can access data based on their attributes rather than fixed keys) to protect electronic health records (medical data stored in the cloud) from privacy and security risks. The proposed system addresses key problems with existing RABE approaches by allowing permission changes without constantly re-encrypting data and by reducing the computational work required on users' devices to decrypt information.
This paper presents a mathematical framework for making cybersecurity decisions when facing uncertain threats in turn-based security games (scenarios where defenders and attackers take turns making moves). The framework handles uncertainty about both what the attacker might do and how well defensive controls will work, using game theory (the study of strategic decision-making between competing parties) and robust optimization (techniques for finding solutions that work well even when future conditions are unknown). The researchers show their approach outperforms traditional defensive strategies and demonstrate its usefulness through a network attack example.
This research proposes new cryptographic methods (PKEET-VPG and its verifiable version) to improve traceable anonymous credentials, which are systems that let users prove they have certain attributes without revealing their identity while still allowing regulators to trace misuse if needed. The key innovation uses session-specific tracing keys (temporary permission codes tied to single authentication sessions) to prevent abuse, and the methods reduce the computational burden on regulators who need to handle large numbers of authentication records.
Fix (Flowise MCP stdio RCE): The only complete mitigation explicitly recommended by the researchers is to disable MCP stdio by setting "CUSTOM_MCP_PROTOCOL=sse". For deployments that cannot disable this feature without disrupting operations, the researchers suggest pinning trusted packages where possible and reviewing chatflows imported from untrusted sources, though these are presented as partial measures rather than complete fixes.
CSO Online