AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Statistics

Threat intelligence overview across all tracked AI security items.

2,479

Total Items

8

Actively Exploited

0

Unpatched Critical/High

156

Last 7 Days

Top 10 CVEs by Exploit Probability (EPSS)

CVE	Title	EPSS	Severity	Exploit	Patched
CVE-2024-37032	CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,	93.8%	high		—
CVE-2024-1561	CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of	93.6%	high		—
CVE-2023-1177	CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.	93.3%	critical		—
CVE-2023-51409	CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect	92.8%	critical		—
CVE-2023-49785	CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2	92.6%	critical		—
CVE-2023-3765	CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	92.1%	critical		—
CVE-2025-3248	CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and	92.1%	critical	🔥 Actively Exploited	—
CVE-2023-43654	CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper	91.6%	critical		—
CVE-2024-2928	CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix	91.6%	high		—
CVE-2023-6018	CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.	91.3%	critical		—

CVE-2024-3703293.8%

CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,

high

CVE-2024-156193.6%

CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of

high

CVE-2023-117793.3%

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

critical

CVE-2023-5140992.8%

CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect

critical

CVE-2023-4978592.6%

CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2

critical

CVE-2023-376592.1%

CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

critical

CVE-2025-324892.1%

CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and

critical🔥 Actively Exploited

CVE-2023-4365491.6%

CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper

critical

CVE-2024-292891.6%

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

high

CVE-2023-601891.3%

CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.

critical

This Week vs Last Week

Total Items

153vs 155

-1%(day 6 of 7)

Critical + High

33vs 18

+83%(day 6 of 7)

Vulnerabilities

34vs 20

+70%(day 6 of 7)

Research

25vs 2

+1150%(day 6 of 7)

Attack Type	This Week	Last Week	Change
Supply Chain	17	15	+13%
Other	13	6	+117%
Prompt Injection	12	13	-8%
Data Extraction	6	3	+100%
Model Evasion	4	1	+300%

Classification Analytics

LLM-classified attributes across all item types.

Attack Sophistication

Moderate1,789

Trivial581

Advanced109

AI Component Targeted

Framework680

API442

Agent338

Model232

Inference222

Training Data72

Plugin31

RAG31

Exploit Maturity

1,343

No Known Exploit

8

Actively Exploited

LLM-Specific vs General AI

913

LLM-Specific

1,566

General AI/ML

Vendor Vulnerability Breakdown

Vulnerabilities and incidents only (excludes news and research).

Vendor	Total	Critical	High	Medium	Low
HuggingFace	146	33	67	43	2
LangChain	145	50	53	40	2
NVIDIA	66	9	28	24	5
OpenAI	49	2	13	29	3
Microsoft	42	12	18	12	0
Google	41	6	23	9	2
Anthropic	38	13	17	7	1
LlamaIndex	11	3	7	0	1
Amazon	6	1	4	1	0
Apple	6	2	3	1	0
Meta	5	0	3	2	0
Stability AI	4	0	3	1	0

Coverage Summary

By Type

Regulatory69 Vulnerabilities1,382 Incidents5 Research160 News863

By Severity

medium580 info916 none1 high614 critical222 low146

Monthly Trend

All item types combined.

Month	Total Items	Critical + High
2025-04	30	9
2025-05	41	16
2025-06	28	10
2025-07	45	22
2025-08	84	60
2025-09	66	36
2025-10	68	29
2025-11	49	23
2025-12	83	27
2026-01	73	41
2026-02	468	93
2026-03	498	87

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity