Skip to main content
TopAIThreats home TOP AI THREATS

Changelog

A record of significant updates to TopAIThreats.com. For individual incident updates, see each incident's Update Log. For methodology changes, see the Methodology page.

February 2026 — API & Data Access Hub

February 2026 — Cross-Reference Population

  • Populated causal_factors, assets_involved, and attack_lifecycle on all 56 incidents
  • Added risk_assessment (impact scope and reversibility) to all critical and high severity incidents
  • Populated causal_factors, assets_involved, and typical_lifecycle_stages on all 42 threat patterns
  • All cross-references use validated slugs from the taxonomy's causal factors (15), assets (12), and lifecycle stages (6)

February 2026 — Taxonomy Expansion

February 2026 — ID Migration

  • Modernised incident ID format from AIT-YYYY-NNNN to INC-YY-NNNN
  • Introduced domain codes (DOM-INF, DOM-SEC, etc.) and pattern codes (PAT-INF-001, etc.)
  • Renamed all 56 incident files, updated all frontmatter, schemas, validation, APIs, and cross-references
  • Pattern codes are permanent and displayed on pattern detail, pattern index, domain detail, taxonomy, and incident sidebar pages

February 2026 — Ontology Restructure

  • Promoted sub-categories to Threat Patterns at top-level URLs (/patterns/[slug]/)
  • Renamed Prevention to Affected Groups and expanded from 7 to 9 groups
  • Created Sectors index with 18 sector detail pages
  • Rewrote Entity registry: replaced heuristic keyword extraction (~190 noisy pages) with curated organisation-only extraction (~40 entities)
  • Added victim_organizations and threat_actors fields to incident schema
  • Incident sidebar now links to entity pages, sector pages, and affected group pages

February 2026 — New Incidents

  • INC-23-0016: Bing Chat (Sydney) System Prompt Leak
  • INC-25-0004: EchoLeak — M365 Copilot Zero-Click Prompt Injection (CVE-2025-32711)
  • INC-25-0005: ChatGPT Windows Keys Jailbreak
  • INC-25-0006: ChatGPT Shared Links Data Exposure
  • INC-25-0007: GitHub Copilot RCE via Prompt Injection (CVE-2025-53773)
  • INC-25-0008: Cursor IDE CurXecute & MCPoison MCP Vulnerabilities (CVE-2025-54135/54136)
  • Total incidents: 56 (23 open, 33 resolved)

January 2026 — Content and Structure Update

  • Expanded About, Methodology, Privacy, Terms, Contact, and Contributing pages with full content
  • Upgraded threat pattern pages to 3-column layout with metadata sidebar and table of contents
  • Merged framework and incident methodology into a single comprehensive Methodology page
  • Added cross-domain related patterns to pattern sidebars
  • Improved mobile responsiveness across all page templates

2025-01-15 — Initial Launch

  • Published 8 threat domains with full definitions and framework mappings
  • Published 42 threat patterns across all domains
  • Documented 50 initial incidents with primary-source verification
  • Launched taxonomy page with full domain and threat pattern structure
  • Published incident ledger with filtering and stable incident identifiers
  • Schema.org JSON-LD markup on all pages
  • Machine-readable API endpoints: /api/threats.json and /api/incidents.json
  • LLM reference guide at /llms.txt
  • Sitemap generation for search engine indexing

Changelog Scope

The changelog records:

  • Taxonomy changes
  • Methodology updates
  • Structural or classification revisions
  • Major content corrections

Routine editorial edits may not be listed.

Versioning Philosophy

Top AI Threats is maintained as a living reference. Changes prioritise transparency and traceability over static completeness.