<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>AI Alert</title><description>An incident and vulnerability tracker for AI/ML systems. Model leaks, training-data exposures, jailbreak disclosures, ML library CVEs, vendor breaches, and confirmed prompt-injection-in-the-wild — each entry linked to a primary source, dated, and tagged for filtering.</description><link>https://ai-alert.org/</link><language>en</language><item><title>The Gentlemen Ransomware: AI-Assisted Development, 332 Victims, and the OSINT Trail That Exposed a Russian Admin</title><link>https://ai-alert.org/posts/weekly-who-runs-the-ransomware-group-the-gentlemen/</link><guid isPermaLink="true">https://ai-alert.org/posts/weekly-who-runs-the-ransomware-group-the-gentlemen/</guid><description>Security researchers have identified the suspected administrator of The Gentlemen, the world&apos;s second-most-active RaaS by victim count, as a Russian</description><pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>raas</category><category>threat-intelligence</category><category>ai-assisted-attack</category><category>attribution</category><category>cve</category><author>AI Alert Desk</author></item><item><title>LLM Security Risks: The 2025 Threat Landscape for AI Deployments</title><link>https://ai-alert.org/posts/llm-security-risks-2/</link><guid isPermaLink="true">https://ai-alert.org/posts/llm-security-risks-2/</guid><description>A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation</description><pubDate>Wed, 03 Jun 2026 00:00:00 GMT</pubDate><category>llm-security</category><category>prompt-injection</category><category>owasp</category><category>supply-chain</category><category>ai-vulnerabilities</category><author>AI Alert Desk</author></item><item><title>Building an AI Security Incident Response 
Plan</title><link>https://ai-alert.org/posts/ai-security-incident-response-plan/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-security-incident-response-plan/</guid><description>A practical incident response plan for AI systems — what a prompt-injection or model-extraction incident looks like, how the NIST SP 800-61r3 / CSF 2.</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate><category>incident-response</category><category>nist</category><category>ai-security</category><category>playbook</category><category>detection</category><category>containment</category><category>forensics</category><author>AI Alert Desk</author></item><item><title>The NIST AI Risk Management Framework: A Practitioner&apos;s Field Guide</title><link>https://ai-alert.org/posts/nist-ai-rmf-practitioner-field-guide/</link><guid isPermaLink="true">https://ai-alert.org/posts/nist-ai-rmf-practitioner-field-guide/</guid><description>What the NIST AI RMF actually asks you to do — the GOVERN, MAP, MEASURE, MANAGE functions, the Generative AI Profile&apos;s 12 risk categories, and how a</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate><category>nist</category><category>ai-rmf</category><category>governance</category><category>compliance</category><category>risk-management</category><category>generative-ai</category><category>framework</category><author>AI Alert Desk</author></item><item><title>CISA Contractor Exposed AWS GovCloud Admin Keys and Plaintext Passwords on Public GitHub Repo</title><link>https://ai-alert.org/posts/cisa-admin-leaked-aws-govcloud-keys-on-github/</link><guid isPermaLink="true">https://ai-alert.org/posts/cisa-admin-leaked-aws-govcloud-keys-on-github/</guid><description>A Nightwing contractor&apos;s public GitHub repository exposed administrative credentials to three AWS GovCloud accounts and dozens of internal CISA systems</description><pubDate>Tue, 19 May 2026 00:00:00 
GMT</pubDate><category>credential-leak</category><category>aws</category><category>govcloud</category><category>github</category><category>cisa</category><author>AI Alert Desk</author></item><item><title>Deepfake Cybersecurity: Detection Methods and Practical Defenses</title><link>https://ai-alert.org/posts/deepfake-cybersecurity-3/</link><guid isPermaLink="true">https://ai-alert.org/posts/deepfake-cybersecurity-3/</guid><description>From the FBI&apos;s May 2025 warning on AI voice attacks targeting US officials to NIST&apos;s synthetic content framework, here is what detection technology</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>deepfakes</category><category>synthetic-media</category><category>detection</category><category>vishing</category><category>nist</category><category>ai-security</category><author>AI Alert Desk</author></item><item><title>Generative AI Risks: A Technical Reference for Security Teams</title><link>https://ai-alert.org/posts/generative-ai-risks-2/</link><guid isPermaLink="true">https://ai-alert.org/posts/generative-ai-risks-2/</guid><description>A practitioner-focused breakdown of generative AI risks mapped against NIST AI 600-1 and the OWASP Top 10 for LLMs — prompt injection, data poisoning</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>generative-ai</category><category>llm-security</category><category>prompt-injection</category><category>data-poisoning</category><category>ai-risk-management</category><author>AI Alert Desk</author></item><item><title>Machine Learning Security: Attack Taxonomy, CVEs, and Defenses</title><link>https://ai-alert.org/posts/machine-learning-security-3/</link><guid isPermaLink="true">https://ai-alert.org/posts/machine-learning-security-3/</guid><description>A technical overview of machine learning security threats in 2026: NIST&apos;s adversarial ML taxonomy, MITRE ATLAS attack classes, the CVE-2025-62164 vLLM</description><pubDate>Wed, 13 May 2026 00:00:00 
GMT</pubDate><category>machine-learning</category><category>adversarial-ml</category><category>cve</category><category>data-poisoning</category><category>supply-chain</category><category>model-security</category><author>AI Alert Desk</author></item><item><title>OpenAI Security: Bug Bounties, CVE Disclosure, Mixpanel Breach</title><link>https://ai-alert.org/posts/openai-security/</link><guid isPermaLink="true">https://ai-alert.org/posts/openai-security/</guid><description>A practitioner&apos;s overview of OpenAI security in 2026: their bug bounty program, CNA status, the November 2025 Mixpanel breach, and what security teams</description><pubDate>Tue, 12 May 2026 00:00:00 GMT</pubDate><category>openai</category><category>bug-bounty</category><category>cve</category><category>breach</category><category>vulnerability-disclosure</category><category>ai-security</category><author>AI Alert Desk</author></item><item><title>ChatGPT Security: Patched Flaws, Persistent Gaps, Unsolved Risks</title><link>https://ai-alert.org/posts/chatgpt-security-2/</link><guid isPermaLink="true">https://ai-alert.org/posts/chatgpt-security-2/</guid><description>A technical review of ChatGPT security vulnerabilities disclosed in 2025-2026: DNS-based data exfiltration, ZombieAgent prompt injection bypass, Codex</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>chatgpt</category><category>openai</category><category>prompt-injection</category><category>data-exfiltration</category><category>llm-security</category><category>vulnerability-disclosure</category><author>AI Alert Desk</author></item><item><title>ChatGPT Security: Risks, Controls, and How to Use It Safely</title><link>https://ai-alert.org/posts/chatgpt-security/</link><guid isPermaLink="true">https://ai-alert.org/posts/chatgpt-security/</guid><description>A practitioner&apos;s guide to ChatGPT security in 2026: how OpenAI protects enterprise data, where prompt injection and account-takeover risks live, and 
the</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>chatgpt</category><category>llm-security</category><category>openai</category><category>prompt-injection</category><category>enterprise-ai</category><category>data-privacy</category><author>AI Alert Desk</author></item><item><title>CISA AI Security Guidance: What Organizations Need in 2026</title><link>https://ai-alert.org/posts/cisa-ai-security-guidance-2026/</link><guid isPermaLink="true">https://ai-alert.org/posts/cisa-ai-security-guidance-2026/</guid><description>A breakdown of CISA&apos;s published AI security guidance — what it covers, what it requires, and how organizations should operationalize it.</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>cisa</category><category>ai-security-guidance</category><category>secure-by-design</category><category>ai-sbom</category><category>compliance</category><category>advisory</category><category>federal</category><category>threat-alert</category><author>AI Alert Desk</author></item><item><title>Deepfake Cybersecurity: Five Confirmed Cases and the Patterns</title><link>https://ai-alert.org/posts/deepfake-cybersecurity-2/</link><guid isPermaLink="true">https://ai-alert.org/posts/deepfake-cybersecurity-2/</guid><description>A working catalog of confirmed deepfake cybersecurity incidents from 2024 and 2025 — from Arup&apos;s $25M loss to Ferrari&apos;s averted scam — and the controls</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>deepfakes</category><category>incident-catalog</category><category>social-engineering</category><category>bec</category><category>dprk-it-workers</category><category>ai-security</category><author>AI Alert Desk</author></item><item><title>Deepfake Cybersecurity: Attack Vectors and Defenses for 2026</title><link>https://ai-alert.org/posts/deepfake-cybersecurity/</link><guid isPermaLink="true">https://ai-alert.org/posts/deepfake-cybersecurity/</guid><description>Deepfake 
cybersecurity has moved from theoretical risk to documented billion-dollar loss category. Here&apos;s what the attack surface looks like, why</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>deepfakes</category><category>synthetic-media</category><category>social-engineering</category><category>identity-fraud</category><category>bec</category><category>threat-brief</category><category>ai-security</category><author>AI Alert Desk</author></item><item><title>Generative AI Risks: A Practical Taxonomy for Security Teams</title><link>https://ai-alert.org/posts/generative-ai-risks/</link><guid isPermaLink="true">https://ai-alert.org/posts/generative-ai-risks/</guid><description>Generative AI risks span prompt injection, data poisoning, supply chain vulnerabilities, hallucination, and governance failures.</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>generative-ai</category><category>ai-risks</category><category>llm-security</category><category>prompt-injection</category><category>data-poisoning</category><category>ai-governance</category><author>AI Alert Desk</author></item><item><title>How to Track AI Security Alerts: CISA, NIST, and Vendor Feeds</title><link>https://ai-alert.org/posts/how-to-track-ai-security-alerts/</link><guid isPermaLink="true">https://ai-alert.org/posts/how-to-track-ai-security-alerts/</guid><description>A practical guide to the official and community sources for AI security alerts — what each publishes, how frequently, and how to integrate them into a</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>ai-security-alert</category><category>cisa</category><category>nist</category><category>advisory</category><category>monitoring</category><category>threat-intelligence</category><category>patch-management</category><author>AI Alert Desk</author></item><item><title>LLM Security Alerts: Monitoring, Detection, and 
Response</title><link>https://ai-alert.org/posts/llm-security-alerts-monitoring-response/</link><guid isPermaLink="true">https://ai-alert.org/posts/llm-security-alerts-monitoring-response/</guid><description>A practical guide to setting up LLM security alerting — what to monitor, what alert patterns indicate compromise or attack, how to triage LLM security</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>llm-security-alert</category><category>ai-security-alert</category><category>monitoring</category><category>detection</category><category>incident-response</category><category>prompt-injection</category><category>ai-security-update</category><category>siem</category><author>AI Alert Desk</author></item><item><title>LLM Security Risks: A Practitioner&apos;s Field Guide for 2025</title><link>https://ai-alert.org/posts/llm-security-risks/</link><guid isPermaLink="true">https://ai-alert.org/posts/llm-security-risks/</guid><description>A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>llm-security</category><category>prompt-injection</category><category>supply-chain</category><category>model-poisoning</category><category>agent-security</category><category>owasp</category><author>AI Alert Desk</author></item><item><title>Machine Learning Security Across the Pipeline: Data to Deployment</title><link>https://ai-alert.org/posts/machine-learning-security-2/</link><guid isPermaLink="true">https://ai-alert.org/posts/machine-learning-security-2/</guid><description>Machine learning security vulnerabilities enter at every stage — data ingestion, model training, artifact storage, and inference.</description><pubDate>Mon, 11 May 2026 00:00:00 
GMT</pubDate><category>machine-learning-security</category><category>ml-pipeline</category><category>data-poisoning</category><category>supply-chain</category><category>mlsecops</category><author>AI Alert Desk</author></item><item><title>Machine Learning Security: Threats, Frameworks, and Defenses</title><link>https://ai-alert.org/posts/machine-learning-security/</link><guid isPermaLink="true">https://ai-alert.org/posts/machine-learning-security/</guid><description>A practitioner&apos;s reference for machine learning security: the canonical attack categories, the frameworks that catalog them (NIST AI 100-2, OWASP ML Top</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>machine-learning-security</category><category>adversarial-ml</category><category>mlsecops</category><category>nist</category><category>owasp</category><category>mitre-atlas</category><author>AI Alert Desk</author></item><item><title>AI-Generated Phishing and the Collapse of Spearphishing Cost</title><link>https://ai-alert.org/posts/ai-generated-phishing-spearphishing-cost-collapse/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-generated-phishing-spearphishing-cost-collapse/</guid><description>Crafting a convincing, personalized phishing email once required hours of research per target. 
Large language models have reduced that cost to seconds.</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>phishing</category><category>spearphishing</category><category>social-engineering</category><category>llm-abuse</category><category>threat-intelligence</category><category>bec</category><category>enterprise-security</category><author>AI Alert Desk</author></item><item><title>AI Agent Security Incidents: When Autonomous AI Went Wrong</title><link>https://ai-alert.org/posts/ai-agent-security-incidents-2025/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-agent-security-incidents-2025/</guid><description>A documented review of security incidents involving autonomous AI agents in 2024-2025, covering tool misuse, privilege escalation via injection, and the</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>agent-security</category><category>agentic-ai</category><category>llm-agents</category><category>prompt-injection</category><category>tool-use</category><category>incidents</category><category>autonomous-ai</category><author>AI Alert Desk</author></item><item><title>What Red Teamers Are Finding in 2026: LLM Defense Gaps</title><link>https://ai-alert.org/posts/ai-red-teaming-llm-jailbreak-defenses-2026/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-red-teaming-llm-jailbreak-defenses-2026/</guid><description>Enterprise LLM deployments are being red-teamed at scale for the first time. 
Security practitioners find consistent failure patterns — misconfigured</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>red-team</category><category>jailbreak</category><category>llm-security</category><category>system-prompt</category><category>agentic</category><category>enterprise-ai</category><category>assessment</category><category>2026</category><author>AI Alert Desk</author></item><item><title>CISA&apos;s KEV Catalog: What It Tells Us About AI/ML Security</title><link>https://ai-alert.org/posts/cisa-kev-ai-ml-vulnerabilities-analysis/</link><guid isPermaLink="true">https://ai-alert.org/posts/cisa-kev-ai-ml-vulnerabilities-analysis/</guid><description>The CISA KEV catalog tracks vulnerabilities with confirmed active exploitation. Examining KEV entries for AI/ML-adjacent components reveals which parts of</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>cisa</category><category>kev</category><category>known-exploited</category><category>vulnerability</category><category>ml-infrastructure</category><category>cve</category><category>patch-management</category><category>federal</category><author>AI Alert Desk</author></item><item><title>Compromised Models on Hugging Face: Pickle Exploits in the Hub</title><link>https://ai-alert.org/posts/compromised-huggingface-models-pickle-exploits/</link><guid isPermaLink="true">https://ai-alert.org/posts/compromised-huggingface-models-pickle-exploits/</guid><description>Malicious actors have uploaded model files to Hugging Face containing pickle payloads that execute code on download.</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>hugging-face</category><category>pickle</category><category>model-hub</category><category>supply-chain</category><category>code-execution</category><category>safetensors</category><category>malicious-models</category><category>mlsec</category><author>AI Alert Desk</author></item><item><title>CVE Roundup: AI/ML Infrastructure 
Vulnerabilities — Q1 2026</title><link>https://ai-alert.org/posts/cve-roundup-ai-ml-infrastructure-q1-2026/</link><guid isPermaLink="true">https://ai-alert.org/posts/cve-roundup-ai-ml-infrastructure-q1-2026/</guid><description>A quarterly review of critical CVEs disclosed in Q1 2026 affecting model serving infrastructure: vLLM, NVIDIA Triton Inference Server, Gradio, LangChain</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>cve-roundup</category><category>vllm</category><category>triton</category><category>gradio</category><category>langchain</category><category>langflow</category><category>model-serving</category><category>q1-2026</category><category>infrastructure</category><author>AI Alert Desk</author></item><item><title>Hugging Face Security Incidents: Malicious Models and Token Theft</title><link>https://ai-alert.org/posts/hugging-face-security-incidents/</link><guid isPermaLink="true">https://ai-alert.org/posts/hugging-face-security-incidents/</guid><description>A review of documented security incidents on the Hugging Face platform, including malicious model uploads, the 2024 Spaces infrastructure breach, and the</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>hugging-face</category><category>supply-chain</category><category>model-hub</category><category>pickle</category><category>safetensors</category><category>infrastructure-security</category><category>mlops</category><author>AI Alert Desk</author></item><item><title>Major Jailbreak Techniques of 2025: Disclosures and What Persists</title><link>https://ai-alert.org/posts/jailbreak-techniques-2025-roundup/</link><guid isPermaLink="true">https://ai-alert.org/posts/jailbreak-techniques-2025-roundup/</guid><description>A roundup of significant jailbreak techniques disclosed or widely documented in 2025, including many-shot jailbreaking, crescendo attacks, cipher-based</description><pubDate>Sun, 10 May 2026 00:00:00 
GMT</pubDate><category>jailbreaking</category><category>alignment-bypass</category><category>red-teaming</category><category>llm-security</category><category>disclosure</category><category>safety</category><category>adversarial-prompting</category><author>AI Alert Desk</author></item><item><title>Model File Format Flaws: Pickle, ONNX, and SafeTensors</title><link>https://ai-alert.org/posts/model-file-format-vulnerabilities-pickle-onnx-safetensors/</link><guid isPermaLink="true">https://ai-alert.org/posts/model-file-format-vulnerabilities-pickle-onnx-safetensors/</guid><description>Unsafe deserialization in PyTorch&apos;s pickle-based format has enabled malicious model distribution for years. This post explains how pickle exploitation</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>pickle</category><category>onnx</category><category>safetensors</category><category>model-format</category><category>deserialization</category><category>supply-chain</category><category>huggingface</category><category>pytorch</category><author>AI Alert Desk</author></item><item><title>OWASP LLM Top 10 2025: What Changed and Why It Matters</title><link>https://ai-alert.org/posts/owasp-llm-top-10-2025-changes/</link><guid isPermaLink="true">https://ai-alert.org/posts/owasp-llm-top-10-2025-changes/</guid><description>The OWASP Top 10 for Large Language Model Applications was updated for 2025. 
Here is a breakdown of what moved, what was added, and why the changes</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>owasp</category><category>llm-security</category><category>top-10</category><category>prompt-injection</category><category>rag</category><category>agent-security</category><category>risk-framework</category><author>AI Alert Desk</author></item><item><title>Prompt Injection via Email: How AI Agents Get Hijacked</title><link>https://ai-alert.org/posts/prompt-injection-email-ai-agents/</link><guid isPermaLink="true">https://ai-alert.org/posts/prompt-injection-email-ai-agents/</guid><description>Email is the highest-volume source of untrusted content in enterprise environments — and it&apos;s now being fed directly into AI agents.</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>email</category><category>copilot</category><category>outlook</category><category>indirect-injection</category><category>microsoft-365</category><category>enterprise-ai</category><category>incident</category><author>AI Alert Desk</author></item><item><title>Data Poisoning in RAG Systems: A 2026 Threat Briefing</title><link>https://ai-alert.org/posts/rag-knowledge-base-poisoning-2026-threat-brief/</link><guid isPermaLink="true">https://ai-alert.org/posts/rag-knowledge-base-poisoning-2026-threat-brief/</guid><description>Attackers are actively poisoning retrieval-augmented generation knowledge bases in enterprise deployments. 
This briefing documents the current threat</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>rag</category><category>data-poisoning</category><category>knowledge-base</category><category>vector-database</category><category>indirect-injection</category><category>enterprise-ai</category><category>threat-brief</category><category>2026</category><author>AI Alert Desk</author></item><item><title>RAG Poisoning: How Retrieval-Augmented Systems Get Compromised</title><link>https://ai-alert.org/posts/rag-poisoning-retrieval-attacks/</link><guid isPermaLink="true">https://ai-alert.org/posts/rag-poisoning-retrieval-attacks/</guid><description>RAG systems inherit all the vulnerabilities of LLMs and add a new one: the retrieval corpus. Injecting malicious content into retrieved sources can hijack</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>rag</category><category>retrieval</category><category>prompt-injection</category><category>indirect-injection</category><category>vector-database</category><category>knowledge-base</category><category>llm-security</category><author>AI Alert Desk</author></item><item><title>Shadow AI: Ungoverned LLM API Keys and Data Exfiltration Risk</title><link>https://ai-alert.org/posts/shadow-ai-enterprise-ungoverned-api-keys/</link><guid isPermaLink="true">https://ai-alert.org/posts/shadow-ai-enterprise-ungoverned-api-keys/</guid><description>Employees using personal Claude, OpenAI, and Gemini API keys for work tasks bypass corporate DLP controls and send sensitive business data to external</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>shadow-ai</category><category>api-keys</category><category>data-exfiltration</category><category>enterprise-security</category><category>dlp</category><category>governance</category><category>openai</category><category>claude</category><author>AI Alert Desk</author></item><item><title>AI Security: Attack Categories, Defense Gaps, and How to 
Respond</title><link>https://ai-alert.org/posts/ai-security/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-security/</guid><description>A practitioner guide to the four core attack categories against AI/ML systems — from adversarial inputs to supply chain compromise — with mitigation</description><pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>adversarial-ml</category><category>prompt-injection</category><category>supply-chain</category><category>nist</category><category>llm-security</category><author>AI Alert Desk</author></item><item><title>Model Extraction Attacks: How Adversaries Steal AI via the API</title><link>https://ai-alert.org/posts/model-extraction-attacks-explained/</link><guid isPermaLink="true">https://ai-alert.org/posts/model-extraction-attacks-explained/</guid><description>Model extraction attacks reconstruct proprietary AI models by querying their public APIs. Here&apos;s how they work, what has been demonstrated against real</description><pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate><category>model-extraction</category><category>model-theft</category><category>api-security</category><category>adversarial-ml</category><category>intellectual-property</category><category>privacy</category><category>llm-security</category><author>AI Alert Desk</author></item><item><title>Weekly AI Security Digest — May Week 2, 2026</title><link>https://ai-alert.org/posts/weekly-ai-security-digest-may-week2/</link><guid isPermaLink="true">https://ai-alert.org/posts/weekly-ai-security-digest-may-week2/</guid><description>Top five AI security developments from May 5-9, 2026: CISA guidance on AI in critical infrastructure, new prompt injection research, LLM supply chain</description><pubDate>Sat, 09 May 2026 00:00:00 
GMT</pubDate><category>digest</category><category>weekly</category><category>cisa</category><category>prompt-injection</category><category>supply-chain</category><category>breach</category><category>eu-ai-act</category><category>may-2026</category><author>AI Alert Desk</author></item><item><title>A Practical Guide to AI Red-Teaming for Security Teams</title><link>https://ai-alert.org/posts/ai-red-teaming-guide/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-red-teaming-guide/</guid><description>Red-teaming LLMs requires different skills and methodology than traditional network or application penetration testing.</description><pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate><category>red-teaming</category><category>llm-security</category><category>pentesting</category><category>adversarial-testing</category><category>methodology</category><category>owasp</category><category>ai-security</category><author>AI Alert Desk</author></item><item><title>AI System Security Audit Checklist for 2026</title><link>https://ai-alert.org/posts/ai-security-audit-checklist/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-security-audit-checklist/</guid><description>A practical audit checklist for AI systems covering model inputs, training pipeline, outputs, access control, logging, and red-team requirements.</description><pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate><category>checklist</category><category>audit</category><category>prompt-injection</category><category>data-poisoning</category><category>access-control</category><category>logging</category><category>red-team</category><category>primer</category><author>AI Alert Desk</author></item><item><title>How to Benchmark AI Security Tools: A 2026 Methodology</title><link>https://ai-alert.org/posts/aisecbench-2026-evaluation-methodology/</link><guid isPermaLink="true">https://ai-alert.org/posts/aisecbench-2026-evaluation-methodology/</guid><description>Choosing an AI security tool without a structured 
evaluation methodology is expensive guesswork. This guide covers the metrics that matter, the pitfalls</description><pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate><category>benchmarking</category><category>evaluation</category><category>methodology</category><category>ai-security-tools</category><category>red-teaming</category><category>mlsecops</category><category>metrics</category><author>AI Alert Desk</author></item>
<item><title>The Samsung ChatGPT Data Leak: Lessons for Enterprise AI</title><link>https://ai-alert.org/posts/ai-incident-samsung-data-leak/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-incident-samsung-data-leak/</guid><description>In 2023, Samsung employees leaked proprietary source code and meeting notes through ChatGPT. This incident defined a category of enterprise AI risk that</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><category>data-leak</category><category>samsung</category><category>chatgpt</category><category>enterprise-ai</category><category>dlp</category><category>incident-analysis</category><category>ai-policy</category><author>AI Alert Desk</author></item>
<item><title>Prompt Injection in the Wild: Incidents from 2024-2025</title><link>https://ai-alert.org/posts/prompt-injection-wild-2025/</link><guid isPermaLink="true">https://ai-alert.org/posts/prompt-injection-wild-2025/</guid><description>A catalog of confirmed prompt injection incidents in real deployments: Bing Chat, Slack AI, email assistants, and customer service bots.</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>bing</category><category>slack</category><category>incidents</category><category>analysis</category><category>indirect-injection</category><category>wild</category><author>AI Alert Desk</author></item>
<item><title>Tool Review: Garak, the LLM Vulnerability Scanner</title><link>https://ai-alert.org/posts/tool-review-garak-llm-scanner/</link><guid isPermaLink="true">https://ai-alert.org/posts/tool-review-garak-llm-scanner/</guid><description>Garak is an open-source LLM vulnerability scanner from NVIDIA that probes language models for dozens of failure modes.</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><category>garak</category><category>tool-review</category><category>llm-scanner</category><category>vulnerability-scanner</category><category>red-teaming</category><category>open-source</category><category>nvidia</category><author>AI Alert Desk</author></item>
<item><title>CVE-2026-7845: Hash Collision in Langchain-Chatchat</title><link>https://ai-alert.org/posts/cve-2026-7845-a-flaw-has-been-found-in-chatchat-space-langch/</link><guid isPermaLink="true">https://ai-alert.org/posts/cve-2026-7845-a-flaw-has-been-found-in-chatchat-space-langch/</guid><description>A weak-hash flaw in Langchain-Chatchat up to 0.3.1.3 lets an adjacent attacker overwrite pasted images by colliding MD5 hashes computed from PIL.Image.</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>langchain-chatchat</category><category>weak-hash</category><category>vision-llm</category><category>md5</category><category>image-collision</category><author>AI Alert Desk</author></item>
<item><title>AI/ML CVE Roundup: May 2026 — What Got Patched</title><link>https://ai-alert.org/posts/cve-roundup-ai-ml-may-2026/</link><guid isPermaLink="true">https://ai-alert.org/posts/cve-roundup-ai-ml-may-2026/</guid><description>A summary of AI and ML-adjacent CVEs disclosed in early–mid 2026 across model serving frameworks, LLM API gateways, agent SDKs, and ML training libraries.</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>cve-roundup</category><category>vllm</category><category>litellm</category><category>ollama</category><category>supply-chain</category><category>may-2026</category><author>AI Alert Desk</author></item>
<item><title>Model Theft via API: How Extraction Attacks on Closed LLMs Work</title><link>https://ai-alert.org/posts/gpt4-model-theft-incident-analysis/</link><guid isPermaLink="true">https://ai-alert.org/posts/gpt4-model-theft-incident-analysis/</guid><description>Model extraction attacks let adversaries reconstruct proprietary LLMs by querying their APIs at scale. We examine the mechanics, cost-of-extraction</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>model-extraction</category><category>model-theft</category><category>inference-attacks</category><category>openai</category><category>anthropic</category><category>api-security</category><category>analysis</category><author>AI Alert Desk</author></item>
<item><title>LLM Supply Chain Poisoning: Training Data Attacks and Backdoors</title><link>https://ai-alert.org/posts/llm-supply-chain-poisoning/</link><guid isPermaLink="true">https://ai-alert.org/posts/llm-supply-chain-poisoning/</guid><description>Training data poisoning and model supply chain attacks are among the hardest AI threats to detect. This post explains how they work, what public research</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>supply-chain</category><category>poisoning</category><category>backdoor</category><category>training-data</category><category>llm-security</category><category>adversarial-ml</category><category>huggingface</category><author>AI Alert Desk</author></item>
<item><title>Tool Review: LLM Guard for Input/Output Filtering</title><link>https://ai-alert.org/posts/ai-tool-security-review-llm-guard/</link><guid isPermaLink="true">https://ai-alert.org/posts/ai-tool-security-review-llm-guard/</guid><description>LLM Guard is an open-source input/output filtering library for LLM applications. We review what it detects, how it deploys, its real limitations, and when</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>tools</category><category>llm-guard</category><category>input-filtering</category><category>output-filtering</category><category>prompt-injection</category><category>pii</category><category>defense</category><author>AI Alert Desk</author></item>
<item><title>How System Prompt Leaks Happen: Techniques and Defenses</title><link>https://ai-alert.org/posts/gpt4-system-prompt-leak-incident/</link><guid isPermaLink="true">https://ai-alert.org/posts/gpt4-system-prompt-leak-incident/</guid><description>Prompt injection attacks that expose system prompts are one of the most common real-world LLM exploits. This post covers the mechanics of system prompt</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>system-prompt</category><category>llm-security</category><category>gpt-4</category><category>jailbreaking</category><category>owasp</category><category>confidentiality</category><author>AI Alert Desk</author></item>
<item><title>Jailbreaking vs Prompt Injection: Not the Same Attack</title><link>https://ai-alert.org/posts/jailbreaking-vs-prompt-injection/</link><guid isPermaLink="true">https://ai-alert.org/posts/jailbreaking-vs-prompt-injection/</guid><description>Security practitioners conflate jailbreaking and prompt injection constantly. They are distinct attack classes with different threat actors, different</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>jailbreaking</category><category>prompt-injection</category><category>llm-security</category><category>owasp</category><category>alignment</category><category>primer</category><author>AI Alert Desk</author></item>
<item><title>MetInfo CMS CVE-2026-29014 Exploited in the Wild for RCE</title><link>https://ai-alert.org/posts/metinfo-cms-cve-2026-29014-exploited-for-remote-code-executi/</link><guid isPermaLink="true">https://ai-alert.org/posts/metinfo-cms-cve-2026-29014-exploited-for-remote-code-executi/</guid><description>A critical unauthenticated PHP code injection flaw in MetInfo CMS 7.9–8.1 (CVSS 9.8) is under active exploitation. Patch to the April 7 release immediately.</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>remote-code-execution</category><category>php</category><category>cms</category><category>active-exploitation</category><author>AI Alert Desk</author></item>
<item><title>Germany Names UNKN: What the BKA&apos;s REvil and GandCrab Dox Buys</title><link>https://ai-alert.org/posts/weekly-germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcra/</link><guid isPermaLink="true">https://ai-alert.org/posts/weekly-germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcra/</guid><description>Germany&apos;s BKA has put a name and a face to UNKN, the operator behind GandCrab and REvil. Russia will not extradite, but the wanted notice is doing other</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>ransomware</category><category>revil</category><category>gandcrab</category><category>attribution</category><category>threat-intel</category><category>law-enforcement</category><author>AI Alert Desk</author></item>
<item><title>What Is Adversarial ML? A Practitioner&apos;s Primer</title><link>https://ai-alert.org/posts/what-is-adversarial-ml-primer/</link><guid isPermaLink="true">https://ai-alert.org/posts/what-is-adversarial-ml-primer/</guid><description>A practitioner-focused introduction to adversarial machine learning: evasion, poisoning, and inference attacks, why they matter in production, key papers</description><pubDate>Mon, 04 May 2026 00:00:00 GMT</pubDate><category>adversarial-ml</category><category>evasion</category><category>poisoning</category><category>membership-inference</category><category>primer</category><category>nist</category><author>AI Alert Desk</author></item>
<item><title>CISA Adds Exploited Linux Kernel LPE CVE-2026-31431 to KEV</title><link>https://ai-alert.org/posts/cisa-adds-actively-exploited-linux-root-access-bug-cve-2026/</link><guid isPermaLink="true">https://ai-alert.org/posts/cisa-adds-actively-exploited-linux-root-access-bug-cve-2026/</guid><description>A local privilege escalation flaw in the Linux kernel&apos;s AEAD crypto interface has been added to CISA&apos;s KEV catalog after active exploitation.</description><pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>linux-kernel</category><category>local-privilege-escalation</category><category>cisa-kev</category><category>cryptography</category><author>AI Alert Desk</author></item>
<item><title>CVE-2026-7669: Deserialization Flaw in SGLang&apos;s Tokenizer Loader</title><link>https://ai-alert.org/posts/cve-2026-7669-a-vulnerability-was-detected-in-sgl-project-sg/</link><guid isPermaLink="true">https://ai-alert.org/posts/cve-2026-7669-a-vulnerability-was-detected-in-sgl-project-sg/</guid><description>A medium-severity deserialization bug in SGLang&apos;s get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure</description><pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate><category>cve</category><category>sglang</category><category>huggingface</category><category>deserialization</category><category>llm-serving</category><category>supply-chain</category><author>AI Alert Desk</author></item></channel></rss>