AI-related CVEs: a practical tracker and triage workflow
• Category: AI CVEs
What counts as an "AI-related" CVE?
- LLM serving/inference stacks (e.g., proxies, gateways, model servers)
- RAG components: vector DBs, retrievers, embedding services
- Agent runtimes/tooling: sandboxes, connectors, browser automation
- Prompt/template injection surfaces (usually an appsec weakness rather than a formal CVE, but track it anyway)
Tracking sources (daily)
- NVD / CVE feeds
- GitHub Security Advisories
- Vendor advisories (vector DBs, orchestration tools, gateways)
Triage workflow (fast)
- Identify if you run the affected component (version + exposure).
- Classify impact: RCE/auth bypass/data exfiltration/DoS.
- Check exploitability: PoC exists? exploited in the wild?
- Mitigate immediately (config hardening, network ACLs) then patch.
- Verify: upgrade, redeploy, scan, and add monitoring for regressions.
Suggested spreadsheet columns (template)
- CVE ID
- Component
- Affected versions
- Your exposure (internet/internal)
- Severity (CVSS plus business impact)
- Status (new/triaged/mitigated/patched/verified)
- Owner
- Deadline
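As an added example (not part of the original post and not any vendor's tooling), a small Python script that runs the identify, classify and exploitability steps of the triage workflow against a constructed inventory and emits rows using the spreadsheet columns above; the CVE ids, component names, version ranges, exposure values and SLA days are all assumed placeholders.

```python
from datetime import date, timedelta

# Constructed sample advisories with placeholder CVE ids (not real ones);
# lo/hi is the inclusive affected version range for one component.
ADVISORIES = [
    {"cve": "CVE-0000-0001", "component": "model-gateway", "lo": "1.0.0", "hi": "1.4.2",
     "impact": "RCE", "cvss": 9.8, "poc": True, "itw": False},
    {"cve": "CVE-0000-0002", "component": "vector-db", "lo": "2.0.0", "hi": "2.1.5",
     "impact": "auth bypass", "cvss": 8.1, "poc": False, "itw": False},
    {"cve": "CVE-0000-0003", "component": "agent-sandbox", "lo": "0.8.0", "hi": "1.0.0",
     "impact": "DoS", "cvss": 6.5, "poc": False, "itw": False},
]
# Constructed inventory of what we run: component -> (version, exposure).
INVENTORY = {"model-gateway": ("1.3.0", "internet"),
             "vector-db": ("2.2.0", "internal"),
             "agent-sandbox": ("0.9.0", "internal")}
LEVELS = ["low", "medium", "high", "critical"]
SLA_DAYS = {"low": 90, "medium": 30, "high": 7, "critical": 1}  # assumed SLAs

def parse_version(v):
    return tuple(int(p) for p in v.split("."))  # '1.4.2' -> (1, 4, 2)

def is_affected(deployed, lo, hi):
    # Step 1: do we run a version inside the advisory's inclusive range?
    return parse_version(lo) <= parse_version(deployed) <= parse_version(hi)

def severity_level(cvss, exposure, poc, itw):
    # Steps 2-3: CVSS band, +1 if internet-exposed, +1 if a PoC exists or it
    # is exploited in the wild; capped at critical (index 3 in LEVELS).
    level = 3 if cvss >= 9.0 else 2 if cvss >= 7.0 else 1 if cvss >= 4.0 else 0
    return min(level + (exposure == "internet") + (poc or itw), 3)

def triage(advisories, inventory, today_iso):
    # One tracker row per advisory that actually affects us, most urgent first.
    rows = []
    for adv in advisories:
        if adv["component"] not in inventory:
            continue  # not deployed: nothing to track
        version, exposure = inventory[adv["component"]]
        if not is_affected(version, adv["lo"], adv["hi"]):
            continue  # deployed, but outside the affected range
        name = LEVELS[severity_level(adv["cvss"], exposure, adv["poc"], adv["itw"])]
        rows.append({
            "CVE ID": adv["cve"], "Component": adv["component"],
            "Affected versions": f"{adv['lo']}-{adv['hi']} (running {version})",
            "Your exposure": exposure, "Severity": f"{name} (CVSS {adv['cvss']})",
            "Impact": adv["impact"], "Status": "triaged", "Owner": "unassigned",
            "Deadline": (date.fromisoformat(today_iso) + timedelta(days=SLA_DAYS[name])).isoformat(),
        })
    return sorted(rows, key=lambda r: LEVELS.index(r["Severity"].split()[0]), reverse=True)
```

The rows can be written straight to CSV for the tracker; the exploitability flags (poc/itw) are the fields to refresh on each daily pass over the feeds.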
Next: I’ll add a dedicated AI CVEs category hub plus a weekly update post format.