AI and Data Security Vulnerabilities Highlighted in Recent Incidents

Researchers demonstrated a prompt injection attack targeting Manus, a medical AI assistant, enabling unauthorized access to sensitive patient data by manipulating input prompts. CarGurus exposed 12 million customer records, including names, email addresses, and partial payment details, due to a misconfigured database discovered in February 2026. A study revealed that large language models (LLMs) can deanonymize users by cross-referencing seemingly innocuous text inputs with publicly available data, raising privacy concerns. The incidents highlight risks in AI-driven systems, improper data storage practices, and the potential for re-identification attacks. No specific CVE IDs or patch details were provided for the reported vulnerabilities.