bipa2026-05-14
Adobe Firefly BIPA voice-training class action
On May 14, 2026, seven Illinois journalists, podcasters, and audiobook narrators filed a proposed class-action lawsuit against Adobe in the US District Court...
Read incident
AI Security Incidents
A running log of AI privacy, security, and data-handling incidents. Confirmed disclosures, regulatory actions, and unresolved investigations across the major AI vendors.
10 incidents tracked
supply-chain2026-05-11
OpenAI internal repo and signing credential exposure via TanStack npm supply chain
On May 14, 2026, OpenAI disclosed that two employee devices were impacted by malicious npm packages from the TanStack supply chain attack that researchers...
Read incident
shadow-ai2026-05-07
Community Bank discloses customer data exposure through an unauthorized AI application
On May 7, 2026, Community Bank, a regional U.S. lender operating in Pennsylvania, Ohio, and West Virginia, filed a Form 8-K with the Securities and Exchange...
Read incident
api-keys2026-05-04
Braintrust AWS account compromise and customer API key rotation
On May 5, 2026, Braintrust, an AI evaluation and observability platform, posted a website notice disclosing unauthorized access to one of its AWS accounts...
Read incident
Anthropic2026-04-22
Claude Mythos Breach: Anthropic Lost Its Most Dangerous AI Model on Day One
A private Discord group gained unauthorized access to Claude Mythos Preview within 24 hours of launch, via a shared credential from a third-party contractor for Anthropic plus a URL pattern guess. What it means for your confidential data.
Read incident
model-misuse2026-04-20
French prosecutors investigate X over Grok-generated child sexual abuse material
On April 20, 2026, Elon Musk and X chief executive Linda Yaccarino were summoned for voluntary questioning by the Paris prosecutor's office over the use of...
Read incident
supply-chain2026-03-31
OpenAI macOS signing pipeline compromise via Axios supply chain
On March 31, 2026, OpenAI's GitHub Actions workflow for notarizing macOS applications executed a malicious version of the Axios JavaScript library during a...
Read incident
healthcare2026-03-25
EFF FOIA lawsuit over Medicare WISeR AI prior-authorization program
On March 25, 2026, the Electronic Frontier Foundation filed a Freedom of Information Act lawsuit against the Centers for Medicare & Medicaid Services seeking...
Read incident
misconfiguration2026-02-03
Sears Home Services AI chatbot and call database exposure
On February 3, 2026, security researcher Jeremiah Fowler discovered three publicly accessible databases belonging to Sears Home Services, the home repair...
Read incident
firebase2026-01-20
Chat and Ask AI Firebase misconfiguration exposes 300 million user messages
On January 20, 2026, independent security researcher Harry identified a Firebase misconfiguration in Chat & Ask AI, a multi-model AI chat application...
Read incident