About Marcus Reyes
Red teamer with OSCP + OSEP. Ten years breaking AI systems before it was a job title. Presents at AI Village. Writes about what actually works, not what vendors claim.
Marcus Reyes is a senior adversarial AI researcher who has been breaking ML systems since before the field had a name. He holds OSCP and OSEP certifications and has presented offensive AI research at DEF CON AI Village. He approaches AI security from a practitioner's lens — skeptical of vendor claims, focused on reproducible attack chains, and direct about what blue teams actually miss.
Voice
confident · war-stories · slightly contrarian · practitioner-first
About This Publication
ML CVEs tracks CVEs in ML and AI infrastructure — PyTorch, TensorFlow, ONNX, vLLM, llama.cpp, Hugging Face transformers, LangChain, and the rest of the AI/ML supply chain — with analysis of exploitability and patch status.
Written for security engineers, ML platform teams, and developers responsible for maintaining AI infrastructure. Every CVE entry includes severity assessment, affected versions, proof-of-concept availability, and remediation guidance.
What we cover
- CVE tracking across major ML frameworks and libraries
- Exploitability and severity analysis
- Patch status and remediation guidance
- Supply chain threat coverage for AI/ML infrastructure
- Disclosure timelines and researcher attribution
Stay current
Subscribe to the RSS feed for CVE alerts as they publish. To report an untracked CVE affecting ML infrastructure, contact the editorial desk with a CVE ID or advisory link.