aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch Dataset

A security intelligence platform that aggregates, classifies, and enriches AI and LLM security data from 45+ sources. Each record includes 48 structured fields with LLM-based classification, EPSS scores, CISA KEV status, CAPEC mappings, and MITRE ATLAS technique IDs. Built by an Information Systems Security researcher to help security teams and developers stay ahead of the AI threat landscape.

Full Dataset Export

2,479 issues, 48 fields per record, CC-BY-4.0 licensed

CSV, JSON, JSONL

  • Total Items: 2,479
  • Data Sources: 45
  • Fields per Item: 48
  • Date Coverage: Oct 2012 -- Mar 2026
  • Last Updated: Mar 21, 2026
  • License: CC-BY-4.0

Programmatic Access

  • /api/v1/issues: Filterable, paginated JSON with all enrichment fields
  • /api/issues/export: Full dataset download as comma-separated values
  • /api/v1/issues/stix: Threat intelligence format for MISP and OpenCTI

No authentication required. 60 requests per minute. CORS enabled. Full API docs

Quick Start

import pandas as pd
import requests

# Load full dataset (CSV)
df = pd.read_csv("https://aisecwatch.com/api/issues/export")

# Or use the JSON API with filtering
resp = requests.get(
    "https://aisecwatch.com/api/v1/issues",
    params={"severity": "critical", "limit": 100},
    timeout=30,  # fail instead of hanging on a stalled connection
)
resp.raise_for_status()  # raise on HTTP error responses instead of parsing them
data = resp.json()["data"]

No API key required. 60 requests/minute. All data CC-BY-4.0.

How It Works

1. Collect

36 active data sources monitored every hour, including NVD, CISA KEV, GitHub Advisory, arXiv, and 20+ cybersecurity and AI news feeds. View all sources.

2. Deduplicate

Incoming items are deduplicated by URL and CVE ID to prevent double-counting.

3. Classify

Each item is processed by an LLM using a versioned prompt (currently v3) that assigns severity, issue type, attack type, affected vendors, and a confidence score (0–1).

4. Enrich

Vulnerabilities with CVE IDs are enriched with EPSS exploit probability scores (FIRST API), CISA Known Exploited Vulnerabilities catalog status, CWE-to-CAPEC attack pattern mapping, and CVSS vector parsing.

5. Deliver

Data is accessible via the web interface, public REST API (60 req/min, CORS enabled), STIX 2.1 threat intelligence feed, webhooks with HMAC-SHA256 signing, RSS feeds by category, CSV export, and weekly email newsletters.

Enrichment Details

EPSS

Exploit Prediction Scoring System

30-day exploit probability from FIRST. Scores range from 0 to 1, indicating how likely a vulnerability is to be exploited in the wild within the next 30 days.

CISA KEV

Known Exploited Vulnerabilities Catalog

Known exploitation status from CISA, including whether the vulnerability has been observed in active exploitation and whether it is associated with ransomware campaigns.

CAPEC

Common Attack Pattern Enumeration and Classification

Attack pattern taxonomy mapping derived from CWE IDs. Maps weaknesses to known attack patterns to help defenders understand exploitation techniques.

CVSS v3.x

Common Vulnerability Scoring System

Vector string parsing for attack characteristics including attack vector, complexity, privileges required, user interaction, and impact metrics.
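
The CVSS v3.x vector parsing described above can be reproduced locally when validating exported records. The sketch below is an added example, not AI Sec Watch's own code: it goes one step beyond parsing and also computes the base score with the weights and Roundup rule from the FIRST CVSS v3.1 specification. The function names are hypothetical.

```python
import re

# Numeric weights per base metric value (CVSS v3.0/v3.1 specification, FIRST).
BASE_METRICS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},
    "UI": {"N": 0.85, "R": 0.62},
    "S": {"U": 0, "C": 1},  # scope is a flag, not a weight
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}
PR_SCOPE_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}  # PR weighs more if S:C

def parse_cvss3(vector):
    """Return {metric: value} for the eight base metrics, or raise ValueError."""
    m = re.fullmatch(r"CVSS:3\.[01]/(.+)", vector.strip())
    if not m:
        raise ValueError("not a CVSS v3.x vector")
    parsed = {}
    for part in m.group(1).split("/"):
        key, sep, val = part.partition(":")
        if not sep or key in parsed:
            raise ValueError(f"malformed or repeated metric: {part!r}")
        if key in BASE_METRICS and val not in BASE_METRICS[key]:
            raise ValueError(f"invalid value for {key}: {val!r}")
        parsed[key] = val  # temporal/environmental metrics pass through here
    if not BASE_METRICS.keys() <= parsed.keys():
        raise ValueError("missing base metric(s)")
    return {k: parsed[k] for k in BASE_METRICS}

def roundup(x):
    """v3.1 Roundup: smallest one-decimal value >= x, robust to float noise."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0

def base_score(vector):
    """Compute the base score (0.0 to 10.0) from the parsed base metrics."""
    v = parse_cvss3(vector)
    w = {k: BASE_METRICS[k][v[k]] for k in BASE_METRICS}
    changed = v["S"] == "C"
    w["PR"] = (PR_SCOPE_CHANGED if changed else BASE_METRICS["PR"])[v["PR"]]
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    exploitability = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    if impact <= 0:
        return 0.0
    return roundup(min((1.08 if changed else 1) * (impact + exploitability), 10))
```

Recomputing the score from the vector and comparing it with the severity in a record is a cheap consistency check before the data feeds prioritisation.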

MITRE ATLAS

Adversarial Threat Landscape for AI Systems

AI/ML-specific attack taxonomy mapping. Attack types identified by the classifier are mapped to ATLAS technique IDs, enabling alignment with enterprise AI risk frameworks.

What's Included

Core Fields

  • Title, summary, solution
  • Source name and URL
  • CVE ID, severity, issue type
  • Labels, affected vendors
  • Published and processed dates

Enrichment Fields

  • EPSS exploit probability score
  • CISA KEV exploitation status
  • CAPEC attack pattern IDs
  • MITRE ATLAS technique IDs
  • CVSS vector and parsed components

Classification Fields

  • Attack sophistication level
  • Impact type (CIA + safety)
  • AI component targeted
  • LLM-specific flag
  • Research category (peer-reviewed, preprint, industry, blog)
  • Classifier confidence (0-1)

Metadata & Derived Fields

  • Cross-reference count
  • Exploit maturity status
  • Patch availability
  • Disclosure date
  • Source priority level (1-3)
  • Severity source (CVSS, LLM, or none)
  • Issue type source (override, CVE-inferred, LLM)
  • Source category (academic, news, vendor, etc.)

Documentation

API Documentation

Endpoints, parameters, examples

Data Sources

45 sources with live health status

Statistics

Trends, distributions, analytics

How to Cite

If you reference AI Sec Watch or use its dataset in academic work, industry reports, or threat intelligence analysis, please use one of the citation formats below. You can copy the citation text or download it as a file for import into your reference manager (Zotero, Mendeley, EndNote, etc.).

Citing the Platform

Use this when referencing the AI Sec Watch website, its intelligence feed, or its methodology.

@misc{luu2026aisecwatch,
  author       = {Luu, T.J.},
  title        = {{AI Sec Watch}: A Security Intelligence Platform for {AI} Systems},
  year         = {2026},
  url          = {https://aisecwatch.com},
  note         = {Accessed: 2026-03-21}
}

Citing the Dataset

Use this when using exported data (CSV, JSON, JSONL) from AI Sec Watch in quantitative analysis or machine learning experiments.

@misc{luu2026aisecwatch_dataset,
  author       = {Luu, T.J.},
  title        = {{AI Sec Watch Dataset}: Structured {AI} Security Threat Intelligence},
  year         = {2026},
  url          = {https://aisecwatch.com/api-docs},
  note         = {45 fields per issue. Available in CSV, JSON, JSONL. Accessed: 2026-03-21}
}

Example Usage in a Paper

  • Data source description: “We collected AI security threat intelligence from AI Sec Watch (Luu, 2026), a platform that aggregates and classifies vulnerabilities from 45+ sources using LLM-based classification.”
  • Dataset reference: “The AI Sec Watch Dataset (Luu, 2026) contains 2,479 structured records with 48 fields per issue, including EPSS scores, CISA KEV status, and MITRE ATLAS technique mappings.”
  • API reference: “Threat data was retrieved via the AI Sec Watch REST API (Luu, 2026), which provides structured JSON responses with enrichment from EPSS, CISA KEV, and MITRE ATLAS.”

Maintained By

Truong (Jack) Luu

Ph.D. candidate, Information Systems, University of Cincinnati

Research focus: AI security, LLM vulnerabilities, information privacy

jackluu.io, ORCID, Google Scholar