AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Statistics

Threat intelligence overview across all tracked AI security items.

3,710

Total Items

11

Actively Exploited

0

Unpatched Critical/High

1

Last 7 Days

Top 10 CVEs by Exploit Probability (EPSS)

CVE	Title	EPSS	Severity	Exploit	Patched
CVE-2024-37032	CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,	93.8%	high		—
CVE-2024-1561	CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of	93.6%	high		—
CVE-2023-1177	CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.	93.3%	critical		—
CVE-2023-51409	CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect	92.8%	critical		—
CVE-2023-49785	CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2	92.6%	critical		—
CVE-2023-3765	CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	92.1%	critical		—
CVE-2025-3248	CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and	92.1%	critical	🔥 Actively Exploited	—
CVE-2023-43654	CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper	91.6%	critical		—
CVE-2024-2928	CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix	91.6%	high		—
CVE-2023-6018	CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.	91.3%	critical		—

CVE-2024-3703293.8%

CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,

high

CVE-2024-156193.6%

CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of

high

CVE-2023-117793.3%

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

critical

CVE-2023-5140992.8%

CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect

critical

CVE-2023-4978592.6%

CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2

critical

CVE-2023-376592.1%

CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

critical

CVE-2025-324892.1%

CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and

critical🔥 Actively Exploited

CVE-2023-4365491.6%

CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper

critical

CVE-2024-292891.6%

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

high

CVE-2023-601891.3%

CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.

critical

This Week vs Last Week

Total Items

1vs 140

-99%(day 6 of 7)

Critical + High

0vs 38

-100%(day 6 of 7)

Vulnerabilities

0vs 40

-100%(day 6 of 7)

Research

0vs 1

-100%(day 6 of 7)

Attack Type	Last Week	Change
Model Evasion	1	-100%
PII Leakage	6	-100%
Model Theft	1	-100%
Model Poisoning	2	-100%
Supply Chain	22	-100%

Classification Analytics

LLM-classified attributes across all item types.

Attack Sophistication

Moderate2,638

Trivial858

Advanced213

Nation-State1

AI Component Targeted

Framework762

API684

Agent560

Model427

Inference334

Training Data103

RAG40

Plugin39

Exploit Maturity

1,622

No Known Exploit

11

Actively Exploited

LLM-Specific vs General AI

1,547

LLM-Specific

2,163

General AI/ML

Vendor Vulnerability Breakdown

Vulnerabilities and incidents only (excludes news and research).

Vendor	Total	Critical	High	Medium	Low
LangChain	281	81	117	72	11
HuggingFace	169	36	81	49	2
NVIDIA	76	10	36	25	5
OpenAI	64	2	21	35	3
Anthropic	54	14	25	13	1
Microsoft	51	13	25	13	0
Google	45	7	23	12	2
LlamaIndex	13	3	8	1	1
Amazon	8	2	5	1	0
Apple	6	2	3	1	0
Meta	5	0	3	2	0
Stability AI	4	0	3	1	0
xAI	3	0	0	0	0

Coverage Summary

By Type

Regulatory77 Vulnerabilities1,745 Incidents12 Research263 News1,613

By Severity

medium721 info1,658 none1 high872 critical291 low167

Monthly Trend

All item types combined.

Month	Total Items	Critical + High
2025-06	28	10
2025-07	45	22
2025-08	84	60
2025-09	67	36
2025-10	74	29
2025-11	50	23
2025-12	84	27
2026-01	83	41
2026-02	474	93
2026-03	761	162
2026-04	773	211
2026-05	170	41

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity