AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Statistics

Threat intelligence overview across all tracked AI security items.

4,897

Total Items

14

Actively Exploited

0

Unpatched Critical/High

177

Last 7 Days

Top 10 CVEs by Exploit Probability (EPSS)

CVE	Title	EPSS	Severity	Exploit	Patched
CVE-2024-37032	CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,	93.8%	high		—
CVE-2024-1561	CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of	93.6%	high		—
CVE-2023-1177	CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.	93.3%	critical		—
CVE-2023-51409	CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect	92.8%	critical		—
CVE-2023-49785	CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2	92.6%	critical		—
CVE-2023-3765	CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	92.1%	critical		—
CVE-2025-3248	CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and	92.1%	critical	🔥 Actively Exploited	—
CVE-2023-43654	CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper	91.6%	critical		—
CVE-2024-2928	CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix	91.6%	high		—
CVE-2023-6018	CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.	91.3%	critical		—

CVE-2024-3703293.8%

CVE-2024-37032: Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,

high

CVE-2024-156193.6%

CVE-2024-1561: An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of

high

CVE-2023-117793.3%

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

critical

CVE-2023-5140992.8%

CVE-2023-51409: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affect

critical

CVE-2023-4978592.6%

CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2

critical

CVE-2023-376592.1%

CVE-2023-3765: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

critical

CVE-2025-324892.1%

CVE-2025-3248: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and

critical🔥 Actively Exploited

CVE-2023-4365491.6%

CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper

critical

CVE-2024-292891.6%

CVE-2024-2928: A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fix

high

CVE-2023-601891.3%

CVE-2023-6018: An attacker can overwrite any file on the server hosting MLflow without any authentication.

critical

This Week vs Last Week

Total Items

173vs 176

-2%(day 7 of 7)

Critical + High

54vs 35

+54%(day 7 of 7)

Vulnerabilities

72vs 36

+100%(day 7 of 7)

Research

3vs 10

-70%(day 7 of 7)

Attack Type	This Week	Last Week	Change
Supply Chain	28	19	+47%
Data Extraction	18	5	+260%
Prompt Injection	14	13	+8%
Jailbreak	13	14	-7%
Other	12	10	+20%

Classification Analytics

LLM-classified attributes across all item types.

Attack Sophistication

Moderate3,497

Trivial1,058

Advanced341

Nation-State1

AI Component Targeted

API877

Framework830

Agent791

Model637

Inference412

Training Data156

RAG68

Plugin41

Exploit Maturity

1,898

No Known Exploit

14

Actively Exploited

LLM-Specific vs General AI

2,024

LLM-Specific

2,873

General AI/ML

Vendor Vulnerability Breakdown

Vulnerabilities and incidents only (excludes news and research).

Vendor	Total	Critical	High	Medium	Low
LangChain	375	102	169	93	11
HuggingFace	204	46	100	55	2
NVIDIA	87	12	43	27	5
OpenAI	74	2	29	36	3
Anthropic	68	15	33	17	2
Microsoft	64	13	33	18	0
Google	45	7	23	12	2
Amazon	17	3	13	1	0
LlamaIndex	14	3	8	2	1
Apple	6	2	3	1	0
Stability AI	6	0	4	2	0
Meta	5	0	3	2	0
xAI	3	0	0	0	0
Mistral	2	1	0	0	1

Coverage Summary

By Type

Regulatory90 Vulnerabilities2,078 Incidents14 Research436 News2,279

By Severity

medium830 info2,421 none1 high1,101 critical368 low176

Monthly Trend

All item types combined.

Month	Total Items	Critical + High
2025-07	45	22
2025-08	85	60
2025-09	68	36
2025-10	76	29
2025-11	64	23
2025-12	104	27
2026-01	87	41
2026-02	480	93
2026-03	794	162
2026-04	788	211
2026-05	743	230
2026-06	518	117

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Statistics

Top 10 CVEs by Exploit Probability (EPSS)EPSS (Exploit Prediction Scoring System) from FIRST.org. Estimates the probability a CVE will be exploited in the wild within the next 30 days, based on real-world exploit activity. Source: api.first.org/data/v1/epss

This Week vs Last Week

Classification Analytics

Attack SophisticationLLM-estimated skill level required to execute the attack: trivial (script-kiddie), moderate (skilled attacker), advanced (expert), or nation-state.

AI Component TargetedPrimary AI/ML component affected (e.g., model weights, training data, inference API, plugin, agent, RAG pipeline). Classified by LLM during processing.

Exploit MaturityDerived from the CISA Known Exploited Vulnerabilities (KEV) catalog and source advisory data. 'Active' = confirmed exploitation in the wild. 'Weaponized' = known ransomware or commodity malware use.

LLM-Specific vs General AIWhether the item specifically affects large language models (prompt injection, jailbreak, etc.) vs. general AI/ML systems (model poisoning, evasion, etc.). Classified by LLM during processing.

Vendor Vulnerability BreakdownCounts items where this vendor appears in the affected_vendors field AND the item is a vulnerability or incident (not news). Severity is assigned by LLM during classification.

Coverage Summary

By Type

By SeveritySeverity is assigned by LLM based on potential impact, exploitability, and scope. Not equivalent to CVSS severity. Spans all item types including news.

Monthly Trend

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity

Top 10 CVEs by Exploit Probability (EPSS)

Attack Sophistication

AI Component Targeted

Exploit Maturity

LLM-Specific vs General AI

Vendor Vulnerability Breakdown

By Severity