aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Industry News

New tools, products, platforms, funding rounds, and company developments in AI security.

2909 items

LangChain path traversal bug adds to input validation woes in AI pipelines

highnews
security
Mar 30, 2026

LangChain and LangGraph, widely used frameworks for connecting AI models to business systems, have critical security flaws that let attackers steal sensitive data such as API keys and files through improper input handling. The newest is a path traversal bug (CVE-2026-34070, rated 7.5 on the CVSS severity scale, which scores how serious a flaw is) in which crafted input lets an attacker read files outside the directory the application intended to expose, while two older flaws enable data theft through unsafe deserialization (turning untrusted data directly into program objects) and SQL injection (manipulating database queries). The maintainers have released fixes that should be applied immediately to prevent exploitation.

Fix: The source recommends the following mitigations. For path traversal, enforce allowlists for file access and confine reads to an intended directory boundary. For deserialization, avoid unsafe deserialization methods and process only validated, expected data structures. For SQL injection, use parameterized queries (pre-structured database requests that treat user input as a value rather than as query text) and strengthen input sanitization. The source notes that fixes from the tools' maintainers are available but must be applied immediately across integrations.

CSO Online
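
The three mitigations in the Fix note above, as an added example in Python. This is not code from LangChain, LangGraph, or the CSO Online article; the function names, the directory layout, the config schema and the sample table rows are the editor's own assumptions. Each helper pairs the check with the input it stops: a file reader confined to a base directory and a suffix allowlist, a JSON loader that validates the expected structure instead of unpickling, and a parameterized query beside the string-built one that SQL injection exploits.

```python
from __future__ import annotations
import json
import sqlite3
from pathlib import Path
from tempfile import TemporaryDirectory

# 1. Path traversal: confine reads to a base directory plus an allowlist of file types.
ALLOWED_SUFFIXES = {".txt", ".md"}  # assumption: only plain-text knowledge files are served

def safe_read_text(base_dir: str | Path, requested: str) -> str:
    """Read a file only if it resolves inside base_dir and has an allowed suffix."""
    base = Path(base_dir).resolve()
    # resolve() follows symlinks and collapses '..'; an absolute 'requested' replaces base when joined
    target = (base / requested).resolve()
    if not target.is_relative_to(base):  # pathlib, Python 3.9+
        raise PermissionError(f"path escapes base directory: {requested}")
    if target.suffix not in ALLOWED_SUFFIXES:
        raise PermissionError(f"file type not allowed: {target.suffix or '(none)'}")
    return target.read_text(encoding="utf-8")

# 2. Unsafe deserialization: parse as data (JSON, never pickle), then accept only the expected structure.
EXPECTED_FIELDS = {"name": str, "k": int}  # assumption: a retriever config with two fields

def load_config(blob: bytes) -> dict:
    """Deserialize a config from JSON and reject anything that is not the expected shape."""
    try:
        data = json.loads(blob)
    except ValueError as exc:
        raise ValueError("config is not valid JSON") from exc
    if not isinstance(data, dict) or set(data) != set(EXPECTED_FIELDS):
        raise ValueError("config has unexpected structure")
    for key, typ in EXPECTED_FIELDS.items():
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(data[key], bool) or not isinstance(data[key], typ):
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    return data

# 3. SQL injection: the parameterized query beside the string-built one it replaces.
def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO docs (owner, title) VALUES (?, ?)",
                     [("alice", "Q1 plan"), ("alice", "Roadmap"), ("bob", "Payroll")])
    return conn

def titles_for_owner_unsafe(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Vulnerable: the owner string becomes part of the SQL text."""
    rows = conn.execute(f"SELECT title FROM docs WHERE owner = '{owner}' ORDER BY id")
    return [row[0] for row in rows]

def titles_for_owner(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Safe: the owner string is bound as a value and can never change the query."""
    rows = conn.execute("SELECT title FROM docs WHERE owner = ? ORDER BY id", (owner,))
    return [row[0] for row in rows]

def demo_paths() -> dict:
    """Run safe_read_text over a constructed tree; 'denied' marks a rejected request."""
    results = {}
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "kb").mkdir()
        (root / "kb" / "faq.txt").write_text("hello", encoding="utf-8")
        (root / "kb" / "keys.env").write_text("API_KEY=secret", encoding="utf-8")
        (root / "secret.txt").write_text("outside", encoding="utf-8")
        for req in ("faq.txt", "../secret.txt", "/etc/passwd", "keys.env"):
            try:
                results[req] = safe_read_text(root / "kb", req)
            except PermissionError:
                results[req] = "denied"
    return results

def demo_configs() -> dict:
    """Feed load_config one good blob and two malformed ones (constructed inputs)."""
    blobs = {
        "good": b'{"name": "docs", "k": 4}',
        "extra_key": b'{"name": "docs", "k": 4, "__class__": "os.system"}',
        "wrong_type": b'{"name": "docs", "k": "4"}',
    }
    out = {}
    for label, blob in blobs.items():
        try:
            out[label] = load_config(blob)
        except ValueError:
            out[label] = "rejected"
    return out

def demo_sql() -> dict:
    """The classic tautology payload against both query builders."""
    conn = make_db()
    payload = "x' OR '1'='1"
    return {"unsafe": titles_for_owner_unsafe(conn, payload),  # leaks every row
            "safe": titles_for_owner(conn, payload),           # matches nothing
            "alice": titles_for_owner(conn, "alice")}

if __name__ == "__main__":
    for fn in (demo_paths, demo_configs, demo_sql):
        print(fn.__name__, fn())
```

Running the block prints the three result dictionaries. The point of demo_sql is the contrast between the two lists for the same input; demo_paths shows that a '..' escape, an absolute path and a disallowed file type are all refused before any read happens; demo_configs shows that an unexpected key or a wrong field type is rejected rather than silently carried into the application.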

Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases

infonews
securityindustry
Mar 30, 2026

Anthropic's unreleased AI model, codenamed Mythos, was accidentally exposed through a configuration error in its content management system (CMS, software that organizes and stores digital content), revealing a more powerful LLM with advanced reasoning and coding abilities. The leak raises security concerns because the model's improved skill at finding and exploiting software vulnerabilities could make cyberattacks easier while also helping defenders, and its capability for recursive self-fixing (autonomously identifying and patching problems in its own code) narrows the gap between human and AI-level hacking. Anthropic plans a phased rollout targeting enterprise security teams first before broader release.

CSO Online

APIs are the new perimeter: Here’s how CISOs are securing them

infonews
security
Mar 30, 2026

Attackers are increasingly targeting APIs (application programming interfaces, the tools that let software systems communicate with each other) instead of traditional endpoints, and many organizations have hundreds or thousands of APIs that lack proper security controls. Traditional security tools like EDR (endpoint detection and response, software that monitors computers for attacks) and WAFs (web application firewalls, systems that filter web traffic) often miss API attacks because they cannot understand the business logic being abused, and 95% of API attacks come from authenticated users with stolen credentials or API keys.

CSO Online

Mistral secures $830 million in debt financing to fund AI data center

infonews
industry
Mar 30, 2026

Mistral, a French AI startup, secured $830 million in debt financing to build a data center powered by thousands of Nvidia graphics processing units (GPUs, specialized chips used for AI training). The new data center near Paris will support training of Mistral's large language models (LLMs, AI systems trained on vast amounts of text) and will become operational in the second quarter of 2025, with plans to expand European computing capacity to 200 MW by the end of 2027.

CNBC Technology

llm-mrchatterbox 0.1

infonews
industry
Mar 29, 2026

This item is a sponsorship announcement for an LLM (large language model) monthly briefing curated by Simon Willison, posted on March 30, 2026. It offers subscribers a $10/month email digest of important LLM developments. The announcement includes a playful tagline suggesting the service reduces information overload.

Simon Willison's Weblog

All the latest in AI ‘music’

infonews
industrypolicy
Mar 29, 2026

AI is now being used throughout the music industry for tasks like creating songs, building playlists, and detecting AI-generated content, but this raises major concerns about copyright (legal ownership of creative work), whether AI outputs are truly art, and whether AI-generated music will flood the market and harm human musicians. The music industry is divided, with some platforms like Apple Music and Deezer adding labels to identify AI music, while others like Bandcamp have banned AI content entirely, and major record labels are pursuing lawsuits against AI music companies.

The Verge (AI)

Helping disaster response teams turn AI into action across Asia

infonews
industry
Mar 29, 2026

OpenAI and partner organizations held an 'AI Jam' workshop in Bangkok with 50 disaster management leaders from 13 Asian countries to explore practical ways AI can improve emergency response. The workshop focused on building custom GPTs (generative pre-trained transformer models, or AI tools trained on broad data) and workflows for tasks like situation reporting and needs assessment, addressing how disaster response teams in resource-constrained environments with fragmented data can work faster and more effectively.

OpenAI Blog

Bluesky’s new app is an AI for customizing your feed

infonews
industry
Mar 29, 2026

Bluesky has released Attie, a new AI assistant powered by Claude (Anthropic's language model) that helps users create custom feeds using natural language instructions instead of traditional algorithmic settings. Users can describe what content they want to see, like 'posts about folklore, mythology, and traditional music, especially Celtic traditions,' and Attie builds a personalized feed based on that description, with plans to integrate it into Bluesky and other apps built on the AT Protocol (Bluesky's underlying technical foundation).

The Verge (AI)

TikTok’s policy for AI ads isn’t working

infonews
policysafety
Mar 28, 2026

Companies like Samsung are posting ads on TikTok that appear to be made with generative AI (AI systems that create images or videos from text descriptions), but they're not adding the required AI disclosure labels that TikTok's advertising policies demand. This means users can't easily tell whether the ads they see are AI-generated or made by humans, even though the companies creating them know the truth.

The Verge (AI)

The Iran war is defense tech's chance to shine, but few systems and weapons are ready

infonews
industry
Mar 28, 2026

The Iran war is driving demand for lower-cost military technology, particularly drones and counter-drone systems, as the U.S. military realizes it cannot afford expensive responses to cheap threats. Defense tech companies like Anduril, Palantir, and others are gaining Pentagon contracts to develop systems such as LUCAS (a low-cost drone costing about $35,000) and laser counter-drone technology, though these tools currently represent less than 1% of overall defense spending.

CNBC Technology

Why OpenAI killed Sora

infonews
industry
Mar 28, 2026

OpenAI discontinued its Sora video-generation app and canceled plans to add video generation to ChatGPT, also ending a $1 billion deal with Disney. The company made these decisions because Sora was consuming large amounts of computational resources without generating enough revenue to justify the expense, as OpenAI focuses on becoming profitable.

The Verge (AI)

‘They feel true’: political deepfakes are growing in influence – even if people know they aren’t real

infonews
safetypolicy
Mar 28, 2026

AI researchers report that online creators are using generative AI (artificial intelligence that creates images or videos from text descriptions) to produce fake images and videos of real political figures and entirely fabricated people, sometimes in military or sexualized contexts, to earn money and spread propaganda. These deepfakes (AI-generated fake media of people) are influential in shaping public perception of political figures, even when viewers know the content is not real.

The Guardian Technology

STADLER reshapes knowledge work at a 230-year-old company

infonews
industry
Mar 27, 2026

STADLER, a 230-year-old recycling equipment company, embedded ChatGPT (an AI language model that generates human-like text) across its workforce to speed up knowledge work like drafting, summarizing, and translating. The company achieved 30-40% time savings on common tasks, 2.5x faster first drafts, and 85% daily active usage by providing company-wide access, training, and clear guardrails while encouraging bottom-up experimentation.

OpenAI Blog

The latest in data centers, AI, and energy

infonews
policyindustry
Mar 27, 2026

Large data centers that power AI systems require massive amounts of electricity and resources, creating conflicts with communities, power grids, and the environment worldwide. Tech companies are expanding these facilities rapidly, leading to legal battles, environmental concerns, and pushback from local communities over issues like electricity costs, water usage, and pollution.

The Verge (AI)

Cybersecurity stocks fall on report Anthropic is testing a powerful new model

infonews
industry
Mar 27, 2026

Anthropic is testing a new AI model called Mythos that has advanced cybersecurity capabilities but also poses security risks, causing the company to plan a slow rollout. The announcement led to significant stock price drops for major cybersecurity companies, as investors worry that powerful AI tools could make hacking easier and disrupt the cybersecurity industry.

CNBC Technology

In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline

infonews
safetyindustry
Mar 27, 2026

This article briefly mentions several security-related news items including a Heritage Bank data breach, a new State Department cyber threat unit, and LA Metro disruptions, along with stories about a Palo Alto recruiter scam, an anti-deepfake chip (technology designed to detect AI-generated fake videos), and Google's quantum computing deadline for 2029. The content provided is minimal and does not go into detail about any of these incidents.

SecurityWeek

Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.

infonews
industry
Mar 27, 2026

GRC professionals (those working in governance, risk, and compliance) have access to agentic AI (AI systems that can autonomously complete full workflows rather than just speed them up), but many hesitate to adopt it because they derive their identity and sense of value from the operational work that these agents would replace. The article argues that GRC was originally designed to help organizations understand and manage risk, not to do evidence collection and compliance tasks, and that agents cannot function without human insight to define what success looks like, decide acceptable risk levels, and validate outputs.

BleepingComputer

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

infonews
securitypolicy
Mar 27, 2026

OpenAI has started a bug bounty program, a system in which security researchers report problems and receive rewards for finding them. The program focuses on design or implementation issues (flaws in how the AI is built or how it works) that could cause serious harm through misuse or safety problems.

SecurityWeek

Wikipedia bans AI-generated content in its online encyclopedia

infonews
policy
Mar 27, 2026

Wikipedia has banned the use of LLMs (large language models, the AI systems behind tools like ChatGPT) for generating or rewriting article content, as the site's volunteer editors voted that AI often violates Wikipedia's core principles. Two exceptions allow AI for translations and minor copy edits to editors' own writing, though Wikipedia cautions that LLMs can accidentally change meaning or add unsupported information beyond what was requested.

The Guardian Technology

Trump's Iran extension, DHS funding deal, Anthropic's injunction and more in Morning Squawk

infonews
policyindustry
Mar 27, 2026

This newsletter covers multiple news items including government funding, AI policy, and financial news. Notably, Anthropic, an AI company, won a court injunction against the Pentagon's blacklisting after disagreeing over safeguards that would limit its AI systems for surveillance and autonomous weapons, with the judge calling the blacklisting 'classic illegal First Amendment retaliation.'

CNBC Technology