All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
DiffHash is a new attack method that can fool deep hashing models (AI systems used to quickly search through large collections of images) by generating adversarial examples (slightly modified images that trick AI systems). Unlike older attacks that simply change individual pixels, DiffHash uses text descriptions from a Large Language Model to guide the creation of fake images that appear normal to humans but cause the hashing model to return wrong search results for a target image.
According to Stanford economist Mordecai Kurz, tech billionaires are concentrating technological power in a way that weakens democracy, similar to patterns seen during industrialization and the first Gilded Age. Kurz argues that tech moguls often see themselves as superior beings meant to reshape society, citing examples like Anthropic's CEO claiming AI could become a transcendent good while potentially causing mass unemployment.
OpenAI and Dell Technologies are partnering to let businesses use Codex (an AI tool that writes and understands code) in their own private data centers and hybrid environments (networks that combine on-site systems with cloud services) rather than only in the cloud. This allows companies to keep sensitive data secure while using Codex across their existing tools and workflows for both coding tasks and broader business automation.
Organizations buy many security tools to address threats, but this approach fails because companies lack visibility: a unified understanding of their entire IT environment and of what each tool is actually monitoring. Attackers exploit the gaps between tools by moving through systems using legitimate access rather than breaking through defenses, meaning the real security problem isn't inadequate tools but an incomplete map of what's happening across all systems.
This article covers a legal dispute between Elon Musk and Sam Altman over OpenAI's conversion from a nonprofit to a for-profit company. Musk founded OpenAI in 2015 with Altman to prevent Google from monopolizing AI technology, but sued in 2024 claiming they violated their commitment to keep it nonprofit, while Altman argues no such commitment was ever made. The article focuses on their trial testimony rather than any technical AI issue or security concern.
Google has introduced Gemini Omni Flash, a new AI model that can generate and edit videos from text, images, audio, or video inputs combined together. The model uses reasoning about physics and real-world knowledge to create realistic videos and allows users to edit them through natural language conversation (giving text instructions rather than using traditional editing tools), with changes building on each other while maintaining consistency in characters, physics, and scene details.
This research addresses a security weakness in neural steganography (hiding secret messages inside audio files using AI networks), where sender and receiver models must stay perfectly synchronized, creating risks of information leakage. The researchers propose a decoupled framework based on the destruction-restoration principle, where embedding works through a destructive operation and recovery uses a separate neural network, allowing the sender to change their embedding network without breaking the receiver's ability to extract the hidden message.
This research paper describes a new attack called Knowledge Transfer Attack (KTA) that can steal private labels (the correct answers or classifications) from graph-based vertical federated learning (GVFL, a system where multiple parties collaborate on machine learning while keeping their data private). Unlike previous attacks that required unrealistic access to training data or labeled examples, KTA only needs auxiliary graphs from unrelated domains to infer the private labels, making it a more practical threat to real-world GVFL systems.
Website fingerprinting (WF) attacks identify which websites users visit on Tor, a privacy network, but struggle when traffic patterns differ between training and real-world scenarios. This research presents UDA-WF, a new method using unsupervised domain adaptation (a machine learning technique that helps models work across different data distributions) to identify websites more efficiently with less training data. UDA-WF reduces the auxiliary data needed by 95% while maintaining 97.37% accuracy.
This research proposes ByITFL and LoByITFL, two new federated learning (FL, a method where multiple computers train an AI model together without sharing raw data) schemes that protect user privacy while defending against Byzantine users (participants who send corrupted or malicious data). ByITFL uses Lagrange coded computing (a technique that spreads data across multiple servers to protect it) and re-randomization to achieve perfect privacy but requires significant communication overhead, while LoByITFL reduces communication costs but requires a Trusted Third Party (TTP, an external organization that users must trust) for one-time setup before training begins.
Backdoor attacks (hidden triggers that manipulate AI model predictions while keeping normal performance intact) are a serious security threat to deep neural networks (machine learning models with many layers). This paper presents PVDI, a defense method that removes backdoors by selectively preserving important attention patterns (the AI's focus on relevant input features) while disrupting irrelevant ones, successfully reducing attack success rates without hurting the model's normal performance.
ParaVul is a framework that uses LLMs (large language models, AI systems trained on huge amounts of text) combined with RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) to detect vulnerabilities in smart contracts (self-executing programs on blockchain networks). The framework improves detection accuracy and reduces computational costs by using a new fine-tuning technique called SLoRA (Sparse Low-Rank Adaptation) and combining multiple detection methods through a verification module.
Network traffic patterns constantly change, causing traditional malicious traffic detection systems to become less effective over time, a problem called concept drift (when the patterns an AI learned on no longer match real-world data). Researchers developed Argus, a framework that automatically detects when traffic patterns shift, identifies new malicious patterns without human help, and continuously updates itself to maintain high detection accuracy even as attacks evolve.
Face-swapping deepfakes (AI-generated videos or images where one person's face is replaced with another) are widely misused for fraud and misinformation, and while detection tools exist, there has been little work on tracing and recovering the original face that was replaced. This paper presents FaceReclaim, a new AI method that uses diffusion models (neural networks trained to gradually refine noisy images into clear ones) to restore the original face from a deepfaked image by separating facial attributes like expressions from identity information.
AI agents (autonomous programs that can perform tasks with minimal human direction) are becoming sophisticated enough to find and exploit obscure vulnerabilities (weaknesses in software), while at the same time developers are creating enormous amounts of AI-generated code that may contain bugs. This combination is forcing security teams to develop new defense strategies.
Researchers have developed CrossMPI, an image-based prompt injection attack (tricking an AI by hiding instructions in its input) that uses nearly invisible changes to images to manipulate how multimodal AI systems (AI that processes both images and text) interpret user instructions without modifying the text itself. The attack successfully fooled multiple vision-language models (AI systems that understand both images and text) about 66% of the time by targeting the intermediate layers where visual and textual information are combined, posing growing security risks as enterprises increasingly adopt multimodal AI systems.
AI-assisted coding is causing a rapid increase in leaked secrets (authentication credentials and API keys), with AI-related secrets exposed jumping 81% in 2025 alone, because developers prioritize speed and functionality over security reviews. When secrets are discovered, organizations should treat them as security incidents, immediately revoking or disabling the exposed credential, generating a new one, investigating system impact, performing cleanup, and hardening systems, followed by post-mortems to improve processes.
Fix: When a leaked secret is detected, organizations should: (1) activate their incident response process immediately; (2) revoke or disable the secret and generate a new one; (3) have the incident response team and R&D investigate the impact across systems and data; (4) perform cleanup and hardening; and (5) conduct post-mortems and implement necessary updates to systems or policies based on lessons learned. The source notes that the CISO office typically coordinates incidents while the R&D team owns actual revocation and cleanup.
CSO Online: South Korea is using its upcoming local elections as a test case to see whether laws can effectively stop deepfakes (fake videos or audio created using AI to manipulate what people look like or sound like). The country is examining whether regulation can reduce the spread of these manipulated media during elections.
This research paper, published in May 2026, discusses a system that automatically chooses appropriate security protections to reduce risks in software applications. The work addresses how to match the right defensive techniques to specific vulnerabilities without requiring manual human selection.
This academic article examines how to secure business communications by combining human-focused practices with new research findings. The work suggests that protecting enterprise systems requires attention to both the people using them and technological solutions.