AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Statistics

Threat intelligence overview across all tracked AI security items.

3,601

Total Items

11

Actively Exploited

0

Unpatched Critical/High

154

Last 7 Days

Top 10 CVEs by Exploit Probability (EPSS)

CVE	Title	EPSS	Severity	Exploit	Patched
CVE-2024-37032	CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,	93.8%	high		—
CVE-2024-1561	CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of	93.6%	high		—
CVE-2023-1177	CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.	93.3%	critical		—
CVE-2023-51409	CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect	92.8%	critical		—
CVE-2023-49785	CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2	92.6%	critical		—
CVE-2023-3765	CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	92.1%	critical		—
CVE-2025-3248	CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and	92.1%	critical	🔥 Actively Exploited	—
CVE-2023-43654	CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper	91.6%	critical		—
CVE-2024-2928	CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix	91.6%	high		—
CVE-2023-6018	CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.	91.3%	critical		—

CVE-2024-3703293.8%

CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,

high

CVE-2024-156193.6%

CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of

high

CVE-2023-117793.3%

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

critical

CVE-2023-5140992.8%

CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect

critical

CVE-2023-4978592.6%

CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2

critical

CVE-2023-376592.1%

CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

critical

CVE-2025-324892.1%

CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and

critical🔥 Actively Exploited

CVE-2023-4365491.6%

CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper

critical

CVE-2024-292891.6%

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

high

CVE-2023-601891.3%

CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.

critical

This Week vs Last Week

Total Items

46vs 169

-73%(day 2 of 7)

Critical + High

9vs 32

-72%(day 2 of 7)

Vulnerabilities

13vs 41

-68%(day 2 of 7)

Research

0vs 5

-100%(day 2 of 7)

Attack Type	This Week	Last Week	Change
Other	8	14	-43%
Supply Chain	5	20	-75%
Data Extraction	3	8	-62%
PII Leakage	2	0	+100%
Prompt Injection	2	11	-82%

Classification Analytics

LLM-classified attributes across all item types.

Attack Sophistication

Moderate2,557

Trivial844

Advanced199

Nation-State1

AI Component Targeted

Framework755

API664

Agent539

Model409

Inference319

Training Data98

RAG39

Plugin38

Exploit Maturity

1,598

No Known Exploit

11

Actively Exploited

LLM-Specific vs General AI

1,488

LLM-Specific

2,113

General AI/ML

Vendor Vulnerability Breakdown

Vulnerabilities and incidents only (excludes news and research).

Vendor	Total	Critical	High	Medium	Low
LangChain	271	77	112	71	11
HuggingFace	166	36	78	49	2
NVIDIA	76	10	36	25	5
OpenAI	64	2	21	35	3
Anthropic	54	14	25	13	1
Microsoft	46	13	20	13	0
Google	45	7	23	12	2
LlamaIndex	13	3	8	1	1
Amazon	8	2	5	1	0
Apple	6	2	3	1	0
Meta	5	0	3	2	0
Stability AI	4	0	3	1	0
xAI	2	0	0	0	0

Coverage Summary

By Type

Regulatory77 Vulnerabilities1,718 Incidents11 Research248 News1,547

By Severity

medium712 info1,588 none1 high849 critical285 low166

Monthly Trend

All item types combined.

Month	Total Items	Critical + High
2025-06	28	10
2025-07	45	22
2025-08	84	60
2025-09	67	36
2025-10	74	29
2025-11	50	23
2025-12	84	27
2026-01	78	41
2026-02	468	93
2026-03	761	162
2026-04	770	211
2026-05	75	12

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity