All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Model extraction attacks (MEA, where attackers steal the functionality of AI models by creating a clone with similar behavior) are a security threat that defenders counter by using auxiliary data to make the victim model give misleading predictions. However, realistic auxiliary data is hard to obtain, gives inconsistent protection, and doesn't protect all data categories equally. The paper proposes MDV (Model Defense Variational Autoencoder, a machine learning technique that generates synthetic data rather than using real data) to create virtual auxiliary data that effectively addresses all three problems.
Fix: The proposed solution is to use Model Defense Variational Autoencoder (MDV) to generate virtual auxiliary data as a replacement for realistic auxiliary data. MDV combines a Variational Autoencoder (VAE, a machine learning model that generates new synthetic data similar to training data) and a classifier, forcing learned features to follow different statistical distributions by category, then samples synthetic data from low-likelihood regions of these distributions to use as auxiliary data in defense methods.
IEEE Xplore (Security & AI Journals)
Anthropic patched a vulnerability in Claude Code's network sandbox (a restricted environment that controls where the AI can send data) that could have allowed attackers to bypass security controls and steal sensitive information. The vulnerability, called a SOCKS5 hostname null-byte injection issue (a trick where attackers hide a malicious server address using special characters to fool the security filter), was silently fixed in version 2.1.88 released on March 31, 2025, but was never publicly disclosed or assigned a tracking identifier.
A malicious version of Bitwarden CLI was published on npm for 90 minutes in April 2026, stealing developer credentials through a compromised GitHub Action (an automated workflow tool). The incident received a CVE (common vulnerabilities and exposures, an official vulnerability identifier), but the CVE only notified defenders after the fact rather than providing a patch to apply, highlighting how CVE has drifted from its original purpose of identifying code flaws with fixable versions to tracking security incidents.
NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) that allows attackers to cause uncontrolled resource consumption, potentially leading to a denial of service attack (making the service unavailable to legitimate users).
NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) where an attacker could trigger an integer overflow (a bug where a number exceeds the maximum value a system can store). This could allow an attacker to execute malicious code, modify data, or crash the service.
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend (a component that processes data) where an attacker could perform an out-of-bounds read (accessing memory locations outside the intended range). Exploiting this could allow code execution (running malicious commands), data tampering (changing information), denial of service (making the system unavailable), or information disclosure (leaking sensitive data).
NVIDIA Triton Inference Server has a vulnerability where an attacker could cause an integer overflow (a situation where a number exceeds the maximum value a program can store, causing unexpected behavior), potentially leading to denial of service (making a system unavailable to users). The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is).
CVE-2026-24209 is a path traversal vulnerability (a flaw where an attacker manipulates file paths to access files outside their intended directory) in NVIDIA Triton Inference Server that could allow an attacker to cause a denial of service (making a system unavailable to users). The vulnerability has a CVSS 4.0 severity rating, though a full assessment from NIST has not yet been provided.
NVIDIA Triton Inference Server contains a path traversal vulnerability (CWE-22, a flaw where attackers can access files outside the intended directory) that could allow an attacker to cause a denial of service (making the service unavailable). The vulnerability has a CVSS 4.0 severity rating, though a detailed assessment has not yet been provided by NIST.
NVIDIA Triton Inference Server has a vulnerability (CVE-2026-24207) where an attacker could bypass authentication (skip security checks that normally verify who someone is), potentially allowing them to run code, gain higher privileges, change data, crash the service, or steal information. The vulnerability is classified as an authentication bypass using an alternate path or channel (CWE-288, a type of weakness where attackers find different ways to access a system without proper verification).
NVIDIA Triton Inference Server contains a vulnerability (CVE-2026-24206) that allows attackers to bypass authentication (a security check that verifies who you are), potentially leading to privilege escalation (gaining higher-level access), denial of service (making a system unavailable), or information disclosure (unauthorized access to data). The vulnerability is classified as CWE-288, which means it exploits an alternate path to bypass normal authentication checks.
Google announced updates to its search engine that will use AI more heavily, allowing users to ask longer, more natural questions that get answered by Google's chatbot instead of traditional search results. The company also revealed new smart glasses (wearable devices with computer capabilities) for consumers, marking its return to the hardware market over a decade after its previous glasses faced public criticism. These changes are powered by Google's new Gemini 3.5 AI model.
Vul-CTG is a new AI framework for detecting software vulnerabilities (bugs that create security weaknesses) by combining two approaches: PLMs (pretrained language models, AI systems trained on large amounts of text) and GNNs (graph neural networks, AI systems that analyze connected data structures). The framework improves on existing methods by better combining code text analysis with program graph analysis, using contrastive learning (training the AI to recognize similarities and differences) and handling unreliable training labels, achieving about 3% better accuracy than previous approaches.
Researchers have developed a new backdoor attack method called Trigger without Trace (TwT) that can secretly compromise text-to-image diffusion models (AI systems that generate images from text descriptions) while avoiding detection. The method works by using syntactic structures (grammar patterns) as hidden triggers and employing a mathematical technique called Kernel Maximum Mean Discrepancy (KMMD, a way to match statistical distributions) to make malicious samples look identical to legitimate ones, achieving a 97.5% success rate while bypassing three existing defense detection systems.
This research addresses leaky private information retrieval (L-PIR), a system where a user queries a database while accepting some measurable privacy leakage, quantified using differential privacy (a mathematical framework that bounds how much information an observer can learn about individual data). The researchers developed an improved L-PIR scheme that reduces privacy leakage from O(K) to O(log K) by using cyclic permutations (mathematical rearrangements) and assigning higher probabilities to keys with lower Hamming weights (fewer 1-bits in binary representation), achieving better privacy-to-cost tradeoffs than previous methods.
Fix: The vulnerability was fixed in Claude Code version 2.1.88, released on March 31, 2025. According to Anthropic, the fix was included in a public commit to the 'sandbox-runtime' repository on March 27, 2025.
SecurityWeek
This article discusses AI Bills of Materials (BOMs, which are detailed lists of components and dependencies used in AI systems), and how security leaders can prepare to use them effectively in their organizations. The piece focuses on five strategies that CISOs (Chief Information Security Officers, the executives responsible for security) can use to both adopt AI BOMs and help shape how they're created in the future.
Singapore has signed separate agreements with Google and OpenAI to strengthen its position as a global AI hub and speed up AI deployment in public services, healthcare, education, and business. OpenAI will invest over $234 million in Singapore's AI ecosystem and establish its first applied AI lab outside the U.S., while Google will focus on solving societal challenges, building an AI-ready workforce, and creating a secure AI ecosystem (systems designed to prevent harmful outcomes from AI).
Microsoft DirectX has a NULL byte overwrite vulnerability (a type of memory corruption where attackers can overwrite data at a specific memory location) in its QuickTime Movie Parser Filter within the quartz.dll file. An attacker could exploit this by sending a specially crafted QuickTime media file to execute arbitrary code (run any commands they want) on a victim's system, and this vulnerability is currently being exploited by real attackers.
Fix: Apply mitigations per Microsoft's vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Microsoft Security Bulletin MS09-028 for specific patch details.
CISA Known Exploited Vulnerabilities
Microsoft Internet Explorer has a use-after-free vulnerability (a bug where code tries to access memory that has already been freed), which could let attackers run arbitrary code (any commands they choose) on a user's computer through specially crafted web content. The affected version is end-of-life (no longer supported by Microsoft), and this vulnerability is currently being exploited by real attackers.
Fix: Apply mitigations per vendor (Microsoft) instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Microsoft Defender has a link following vulnerability (a flaw where the software unsafely opens links that could lead to unauthorized access) that lets an authorized attacker gain higher-level privileges on a local computer. This vulnerability is actively being exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities