| # | Title | Description | Type | Industry | Records Breached | Date | OWASP LLM & GenAI Top 10 / Aligns to OWASP AI Top 10 | Primary Vector | Secondary Vector | URL |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Cut me some Slack... | Slack's AI extension "Struct Chat" was found to be siphoning off private user messages. | Vulnerability | Software | NA | 0202-02-03 18:32 | LLM05; LLM02 (sensitive info disclosure) | | | https://www.androidpolice.com/slack-ai-tool-leaking-confidential-user-data/ |
| 2 | BlenderBot3 in the Offensive | AI outputs containing biased or offensive content. | Vulnerability | Software | NA | 2022-08-06 23:00 | LLM05; LLM04 | Data and Model Poisoning | Misinformation | https://fortune.com/2022/08/09/painful-offensive-responses-meta-blenderbot-3-chatbot-tay/ |
| 3 | Spreading the Terror | BlenderBot 3 cited a Dutch politician as a terrorist. | Vulnerability | Software | NA | 2022-08-24 23:00 | LLM09 | Misinformation | | https://twitter.com/MarietjeSchaake/status/1562515297688399873 |
| 4 | Twitter/X GPT Issue | GPT-3-based Twitter bot hijacked using prompt injection attacks. | Vulnerability | Software | NA | 2022-09-15 23:00 | LLM01 | | | |
| 5 | Bing Chat Spills the Tea | AI-powered Bing Chat spills its secrets via a prompt injection attack. | Vulnerability | Software | NA | 2023-02-10 00:00 | LLM01 | Prompt Injection | | https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/ |
| 6 | Syntax Error | Spectral Labs pauses Syntax contracts after $200,000 hack. | Breach | Crypto | NA | 2023-12-02 00:00 | | On-chain AI Agents | Bonding Curve Mechanism | https://cointelegraph.com/news/spectral-labs-identifies-syntax-platform-vulnerability-pauses-contracts |
| 7 | Need a Hug | Exposed Hugging Face API tokens offered full access to Meta's Llama 2. | Breach | Software | 1,500 | 2023-12-04 00:00 | LLM06; LLM03 | Sensitive Information Disclosure | Training Data Poisoning | https://www.theregister.com/2023/12/04/exposed_hugging_face_api_tokens/ |
| 8 | I command you to give me money | HackerOne's A was vulnerable to invisible prompt injection via Unicode characters, which would allow an attacker to suggest higher bounties, valid reports, etc. | Vulnerability | Software | NA | 2024-02-13 00:00 | LLM01 | Prompt Injection | | https://hackerone.com/reports/2372363 |
| 9 | Vanna Cry | Prompt injection in the "ask" API with visualization leads to RCE on Vanna AI. | Vulnerability | Software | NA | 2024-05-30 23:00 | LLM01 | Prompt Injection | Remote Code Execution | https://nvd.nist.gov/vuln/detail/CVE-2024-5565 |
| 10 | Chuanhu Chat Path | A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. | Vulnerability | Software | NA | 2024-06-24 23:00 | LLM01 | Prompt Injection | Remote Code Execution | https://nvd.nist.gov/vuln/detail/CVE-2024-5982 |
| 11 | Anything Goes | A vulnerability in Anything LLM allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. | Vulnerability | Software | NA | 2024-06-24 23:00 | LLM03 | Model Denial of Service | | https://nvd.nist.gov/vuln/detail/cve-2024-5216 |
| 12 | Off the Rails | Guardrails AI users that consume RAIL documents from external sources are vulnerable to XXE. | Vulnerability | Software | NA | 2024-07-20 23:00 | LLM06 | Sensitive Information Disclosure | | https://nvd.nist.gov/vuln/detail/CVE-2024-6961 |
| 13 | Needle in a Haystack | Haystack clients that let their users create and run Pipelines from scratch are vulnerable to RCE. | Vulnerability | Software | NA | 2024-07-30 23:00 | LLM01 | Prompt Injection | | https://nvd.nist.gov/vuln/detail/CVE-2024-41950 |
| 14 | Chef's Kiss | Muah.ai companion site breached, exposing users' fantasies. | Breach | Software | 1,900,000 | 2024-09-16 23:00 | | | | https://www.malwarebytes.com/blog/news/2024/10/ai-girlfriend-site-breached-user-fantasies-stolen |
| 15 | Mudler Time | mudler/localai version 2.17.1 is vulnerable to a timing attack. | Vulnerability | Software | NA | 2024-10-29 00:00 | LLM06 | Sensitive Information Disclosure | | https://nvd.nist.gov/vuln/detail/CVE-2024-7010 |
| 16 | IDOR in Lunary | Unauthorized users can view or delete internal user data by manipulating user-controlled ID values. | Vulnerability | Software | NA | 2024-10-29 00:00 | LLM05 | Supply Chain Vulnerabilities | | https://nvd.nist.gov/vuln/detail/CVE-2024-7474 |
| 17 | Ollama Drama | Six vulnerabilities reported in the Ollama open-source AI framework. | Vulnerability | Open Source | NA | 2024-10-30 00:00 | LLM03; LLM04; LLM05; LLM06 | Model Denial of Service | Model Theft | https://www.oligo.security/blog/more-models-more-probllms |
| 18 | You Only Load Once | Ultralytics AI model hijacked to infect thousands with a cryptominer. | Breach | Open Source | TBD | 2024-12-06 00:00 | LLM03 | Supply Chain Vulnerabilities | | https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ |
| 19 | DeepSeek AI | A DeepSeek AI flaw, since patched, could have allowed bad actors to exploit it via prompt injection attacks. | Vulnerability | Software | NA | 2024-12-08 00:00 | LLM01 | Prompt Injection | XSS | https://thehackernews.com/2024/12/researchers-uncover-prompt-injection.html |
| 20 | Fable went berserk | Fable's AI-generated summaries produced biased and offensive commentary, sparking controversy among users. | Vulnerability | Publishing | NA | 2024-12-29 00:00 | LLM04; LLM09 | Data and Model Poisoning | Misinformation | https://www.wired.com/story/fable-controversy-ai-summaries/?_sp=afd5e611-7d02-4804-8573-a6d41f19d1d3.1737804955778 |
| 21 | IBM Issues in Watsonx.ai | Improper input neutralization in the web UI of IBM watsonx.ai: authenticated users can inject JavaScript code into the app. | Vulnerability | Software | NA | 2025-01-13 00:00 | LLM01 | Prompt Injection | XSS | https://gbhackers.com/ibm-watsonx-ai-vulnerability/ |
| 22 | OpenAI ChatGPT Open to Attack | Vulnerability in the crawler: attackers could trick it into DDoS-ing sites. | Vulnerability | Software | NA | 2025-01-21 00:00 | LLM01 | | | https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/ |
| 23 | Sage Copilot Asleep at the Cockpit | When asked to show a list of recent invoices, the AI pulled data from other private customer accounts. | Vulnerability | Software | NA | 2025-01-24 00:00 | LLM05; LLM02 | Sensitive Information Disclosure | | https://www.theregister.com/2025/01/20/sage_copilot_data_issue/ |
| 24 | DeepSeek, Shallow Security | Distributed denial-of-service (DDoS) attack targeting its API and web chat platform. | Vulnerability | Software | NA | 2025-01-27 00:00 | | | | |
| 25 | Meta Llama Hoofing It | API vulnerability that allowed RCE in the Python API. | Vulnerability | Software | | 2025-01-28 00:00 | LLM06; LLM01 | | | https://www.scworld.com/brief/severe-meta-llama-issue-risks-rce-in-ai-systems |
| 26 | Storm of Vulnerabilities in Lightning.AI | Flaw in JavaScript code for Lightning.AI's development platform could give an attacker access to a user's cloud studio and more. | Vulnerability | Software | NA | 2025-01-30 00:00 | LLM05 | Sensitive Information Disclosure | Remote Code Execution | https://cyberscoop.com/lightningai-vulnerability-noma-cloud-phishing/ |
| 27 | GitHub Copilot Jailbreak | Researchers have uncovered two critical vulnerabilities in GitHub Copilot that allow attackers to bypass ethical safeguards, manipulate model behavior, and even hijack access to premium AI resources like OpenAI's GPT-o1. | Vulnerability | Software | NA | 2025-01-31 00:00 | LLM01; LLM02 | Prompt Injection | Sensitive Information Disclosure | https://cybersecuritynews.com/github-copilot-jailbreak-vulnerability/ |
| 28 | Hewlett Packard Enterprise Packing Leaks | IntelBroker and EnergyWeaponUser have hacked HPE for API tokens, source code, credentials and more. | Vulnerability | Software | NA | 2025-01-31 19:17 | | | | https://darkwebinformer.com/intelbroker-and-energyweaponuser-have-leaked-hpe-gtcaas-source-code-credentials-api-tokens-and-more-in-a-second-breach/ |
| 29 | Two-faced Gemini AI | Google's Gemini is being misused by hackers from approximately 20 countries to launch attacks. | Vulnerability | Software | NA | 2025-02-01 19:07 | | | | https://www.bleepingcomputer.com/news/security/google-says-hackers-abuse-gemini-ai-to-empower-their-attacks/ |
| 30 | DeepSeek Sinking Deeper into Trouble | LLMjackers are using DeepSeek for malicious purposes, weeks after its release. | Vulnerability | Software | NA | 2025-02-11 04:34 | | Sensitive Information Disclosure | | https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys |

30 records