aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2892 items

Critical Nginx UI auth bypass flaw now actively exploited in the wild

critical | news | security
Apr 15, 2026

A critical vulnerability in Nginx UI (CVE-2026-33032) leaves an unprotected endpoint that allows attackers to invoke privileged actions without logging in, enabling complete takeover of the web server by modifying configuration files. The flaw is being actively exploited in the wild, with over 2,600 publicly exposed instances at risk. Nginx UI is a popular web-based management interface for the Nginx web server, used by many organizations to control their servers.

Fix: A fix was released in Nginx UI version 2.3.4 on March 15. The latest secure version is 2.3.6, released the week after the source was published. System administrators are recommended to apply these security updates as soon as possible.

BleepingComputer

Critical nginx UI tool vulnerability opens web servers to full compromise

critical | news | security
Apr 15, 2026

A critical vulnerability in nginx UI, a dashboard tool for managing nginx web servers, allows attackers to bypass security by accessing an unprotected endpoint called /mcp_message. This endpoint was added to support MCP (Model Context Protocol, a system that lets web servers communicate with AI models), but it lacks authentication, letting anyone on the network inject malicious configurations and completely take over the server.

Fix: Update to version 2.3.4, released March 15. For systems that cannot patch immediately, disable MCP or restrict access by using IP whitelisting to allow only trusted hosts, and review access logs for suspicious configuration changes.

CSO Online

Google launches a Gemini AI app on Mac

info | news | industry
Apr 15, 2026

Google is releasing a new Gemini app for Mac that lets you quickly access the AI assistant using a keyboard shortcut (Option + Space) to open a floating chat window without leaving your current app. The app can read information from your screen to help answer questions, but requires you to grant permission to access your system's information first.

The Verge (AI)

Starbucks launches beta app in ChatGPT to fuel new drink discovery

info | news | industry
Apr 15, 2026

Starbucks has launched a beta app within ChatGPT (an AI chatbot) that helps customers discover new drinks by describing how they feel rather than browsing a menu. Customers can customize orders and select a location within ChatGPT, but must complete their purchase through the Starbucks app or website to maintain engagement with the company's loyalty program. This move is part of Starbucks' broader strategy to attract customers back to its cafes and appeal to younger consumers who prefer unique beverages.

CNBC Technology

Gemini 3.1 Flash TTS

info | news | industry
Apr 15, 2026

Google released Gemini 3.1 Flash TTS, a new text-to-speech model that generates audio from text using prompts sent through the standard Gemini API. Unlike typical AI models, this one accepts detailed creative instructions (called prompts) to control how the audio sounds, including vocal style, pace, accent, and emotional tone, allowing users to create speech with specific characteristics like a particular regional accent or energetic delivery.

Simon Willison's Weblog

Gemini 3.1 Flash TTS

info | news | industry
Apr 15, 2026

This item is a brief announcement about Gemini 3.1 Flash TTS (a text-to-speech feature for Google's Gemini AI model) posted on April 15, 2026. The content provided is primarily metadata and sponsorship information rather than substantive technical details about the feature or any security issue.

Simon Willison's Weblog

Gemini 3.1 Flash TTS: the next generation of expressive AI speech

info | news | industry
Apr 15, 2026

Google has released Gemini 3.1 Flash TTS, a new text-to-speech model (software that converts written text into spoken audio) that produces more natural-sounding speech with better control over how the AI speaks. Developers can now use audio tags (special commands embedded in text) to adjust vocal style, pace, and delivery across over 70 languages, and all generated audio is watermarked with SynthID (a hidden marker that identifies AI-generated content) to help prevent misinformation.

DeepMind Safety Research

ChatGPT's latest stylistic quirk is sinister, infuriating – and absolutely everywhere | Stuart Heritage

info | news | safety
Apr 15, 2026

A writer notices that ChatGPT and other AI systems are producing content using the rhetorical pattern "it's not X, it's Y" so frequently that this phrasing has become ubiquitous online, appearing in social media posts, fitness classes, and TV shows. The author compares this experience to obsessively noticing a specific detail until it dominates their perception, making the repetitive AI-influenced writing style impossible to ignore.

The Guardian Technology

Capsule Security Emerges From Stealth With $7 Million in Funding

info | news | security
Apr 15, 2026

Capsule Security, an Israeli startup, has raised $7 million in funding to develop technology that secures AI agents (AI systems designed to perform tasks independently) by continuously monitoring their behavior at runtime (while the AI is actually running) to prevent unsafe or harmful actions.

SecurityWeek

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

high | news | security
Apr 15, 2026

Researchers have identified a flaw in Anthropic's Model Context Protocol (MCP, a system that allows AI models to interact with external tools and data) that permits unsanitized commands (user input that hasn't been cleaned or verified) to run without warning, potentially giving attackers complete control over systems using this AI technology. This vulnerability could be exploited across many widely used AI environments as part of a supply chain attack (where attackers compromise a tool or service used by many organizations to gain access to their systems).

SecurityWeek

Adobe embraces conversational AI editing, marking a 'fundamental shift' in creative work

info | news | industry
Apr 15, 2026

Adobe is launching a Firefly AI Assistant that lets creators edit their work by describing changes in plain language rather than manually using specific tools in Creative Cloud (Adobe's suite of creative software). Adobe says this conversational AI approach represents a major shift in how creative work is done by making editing easier and more accessible to people without advanced skills.

The Verge (AI)

OpenAI pulls back from Stargate Norway data center deal as Microsoft takes over

info | news | industry
Apr 15, 2026

OpenAI has withdrawn from a deal to rent computing capacity directly from a Norwegian data center facility called Stargate Norway, with Microsoft taking over the capacity instead. OpenAI will now rent that computing power from Microsoft, which the company says makes more financial sense since it already has a $250 billion contract with Microsoft's cloud service Azure (a cloud computing platform). This pullback is part of OpenAI's broader shift to manage spending expectations as it prepares for a potential public stock offering.

CNBC Technology

Copilot and Agentforce fall to form-based prompt injection tricks

high | news | security
Apr 15, 2026

Security researchers discovered prompt injection vulnerabilities (attacks where malicious instructions are hidden in user input to trick an AI into executing them) in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to steal sensitive data like customer names, addresses, and phone numbers. Both vulnerabilities exploit the fact that these AI agents cannot distinguish between trusted system instructions and untrusted user input, allowing attackers to override the agent's original purpose and exfiltrate data to external servers.

Fix: Microsoft patched CVE-2026-21520 following disclosure, with the mitigation carried out internally and no further action required from users. The source notes that both vulnerabilities highlight a baseline need for treating all external inputs as untrusted and enforcing input validation, least-privilege access (giving systems only the minimum permissions they need), and strict controls on actions like outbound email, though no specific patch details are provided for the Salesforce vulnerability.

CSO Online

Retaining defensive advantage in the age of frontier AI cyber capabilities

info | regulatory | policy, security
Apr 15, 2026

Frontier AI models (cutting-edge artificial intelligence systems) are becoming better at finding vulnerabilities (weaknesses in code that attackers can exploit), which creates both opportunity and risk. While AI can help organizations identify and fix these weaknesses, attackers can now use AI to discover and exploit vulnerabilities faster and cheaper than before, putting pressure on organizations to patch systems quickly. The recommended defense is for organizations to follow established best practices from the National Cyber Security Centre, including reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for malicious activity.

Fix: Organizations should follow established good practices set out by the National Cyber Security Centre, which include: reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for and quickly responding to detected malicious activity. Additionally, organizations should pursue government-backed certifications such as Cyber Essentials, and use the guidance and tools available on the NCSC website.

UK NCSC

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

high | news | security
Apr 15, 2026

Salesforce and Microsoft recently fixed two prompt injection vulnerabilities (security flaws where attackers hide malicious instructions in text inputs to trick AI systems) in their AI agent products, Agentforce and Copilot. These flaws could have allowed external attackers to access and steal sensitive data from users.

Dark Reading

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

info | news | security, industry
Apr 15, 2026

Organizations are rapidly adopting AI for security testing, but fully agentic AI systems (where AI makes all decisions from start to finish) create a problem: they produce different results each time they run, making it impossible to tell if security actually improved or if the AI just tried a different approach. The source argues that a hybrid model works better, where deterministic logic (fixed, repeatable sequences) defines how security tests execute, while AI enhances specific parts like adapting payloads and interpreting what it finds.

The Hacker News

Grok's sexual deepfakes almost got it banned from Apple's App Store. Almost.

info | news | safety, policy
Apr 15, 2026

Apple threatened to remove Elon Musk's AI app, Grok, from its App Store in January because it wasn't stopping nonconsensual sexual deepfakes (fake sexually explicit images created using AI) from spreading on X. Apple contacted the developers behind X and Grok and asked them to create a plan to improve their content moderation (systems for reviewing and removing harmful material).

Fix: Apple demanded that the developers 'create a plan to improve content moderation,' according to a letter the company sent to US senators.

The Verge (AI)

The next evolution of the Agents SDK

info | news | industry
Apr 15, 2026

OpenAI introduced new capabilities to the Agents SDK, a toolkit for developers building AI agents that can work with files and run commands on computers. The update includes a model-native harness (a framework optimized for OpenAI models) and native sandbox execution (a controlled, isolated computer environment where agents can safely run code and access files). The SDK aims to bridge the gap between flexibility and production-readiness by providing developers with standardized infrastructure that keeps agents aligned with how frontier models (the most advanced AI models available) work best.

Fix: The Agents SDK includes several built-in protections: 'Separating harness and compute helps keep credentials out of environments where model-generated code executes.' The SDK also supports 'built-in snapshotting and rehydration' so 'the Agents SDK can restore the agent's state in a fresh container and continue from the last checkpoint if the original environment fails or expires.' Additionally, developers can configure sandbox execution with 'Blaxel, Cloudflare, Daytona, E2B, Modal, Runloop, and Vercel' providers, and the SDK provides a 'Manifest abstraction for describing the agent's workspace' to control access to files and data.

OpenAI Blog

The deepfake dilemma: From financial fraud to reputational crisis

info | news | security, safety
Apr 15, 2026

Deepfake technology (AI-generated fake audio or video of people) has become cheap, accessible, and realistic enough to fool many employees and executives, with 43% of cybersecurity leaders experiencing audio deepfakes and 37% experiencing video deepfakes in 2025. Deepfakes are now used for financial fraud (by impersonating executives to approve fund transfers) and reputational attacks (by spreading false videos to damage trust with investors and customers), and traditional ways of spotting fakes, like looking for obvious flaws, no longer work reliably.

CSO Online

The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

info | news | safety, policy
Apr 15, 2026

Teenage boys are using AI "nudify" apps to create deepfake sexual imagery (fake nude photos or videos created by AI) of their female classmates, which are then shared on social media and messaging apps. Since 2023, this has affected over 600 students across at least 28 countries and nearly 90 schools, with the true scale likely much higher. The explicit imagery involving minors constitutes child sexual abuse material (CSAM), and schools and law enforcement are often unprepared to respond to these serious incidents.

Wired (Security)