Researchers have uncovered multiple critical flaws in the infrastructure used to host and deploy AI models. The flaws expose affected servers to takeover, theft of sensitive information, model poisoning, and unauthorized access.
The affected platforms, which are central to hosting and deploying large language models, include Ray, MLflow, ModelDB, and H2O. Some of the vulnerabilities have been patched; others have not.
Researchers discovered a wide range of vulnerabilities in the tools used in the supply chain for building chatbots and other kinds of AI/ML models, according to Protect AI’s November Vulnerability Report.
“Many of these OSS tools, frameworks, and artifacts come out of the box with vulnerabilities that can lead directly to complete system takeovers such as unauthenticated remote code execution or local file inclusion vulnerabilities,” reads the report.
The impacted platforms are used to host, deploy, and share large language models (LLMs) as well as other ML models and AI systems.
They are ModelDB, a machine learning model management platform; MLflow, a machine learning lifecycle platform; Ray, a distributed computing framework used for distributed training of machine learning models; and H2O-3, the open-source, Java-based version 3 of the H2O machine learning platform.
For vulnerabilities that have been fixed, users are advised to “Upgrade to the latest non-vulnerable version.” For vulnerabilities that remain unpatched, the advice is to “Restrict access to the web application,” that is, keep the platform’s web interface and APIs off untrusted networks and behind authentication until a fix ships.
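As an added illustration of what “restrict access to the web application” looks like in practice (this is example configuration added here, not from the Protect AI report or any of the projects named above), the following nginx configuration fronts an MLflow tracking server that has been bound to loopback so it is reachable only through the proxy. The hostname, internal network range, certificate paths and htpasswd path are assumed placeholders.

```nginx
# Added example, not from the Protect AI report or the MLflow project:
# put an MLflow tracking server behind an authenticating reverse proxy
# instead of exposing it directly.
#
# Start MLflow bound to loopback only, so nothing reaches it except nginx:
#   mlflow server --host 127.0.0.1 --port 5000
# (Ray's dashboard takes the equivalent: ray start --dashboard-host 127.0.0.1)
#
# Hostname, CIDR range, certificate and htpasswd paths are placeholders.

server {
    listen 443 ssl;
    server_name mlflow.internal.example;             # assumed hostname

    ssl_certificate     /etc/nginx/tls/mlflow.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/mlflow.key;   # assumed path

    location / {
        # Network allowlist: only the internal ML subnet may connect.
        allow 10.20.0.0/16;                          # assumed internal range
        deny  all;

        # Require credentials as well: "satisfy all" means both the
        # allowlist and the auth check must pass.
        satisfy all;
        auth_basic           "MLflow tracking server";
        auth_basic_user_file /etc/nginx/mlflow.htpasswd;   # created with htpasswd -c

        proxy_pass         http://127.0.0.1:5000;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# Redirect plain HTTP so credentials are never sent in the clear.
server {
    listen 80;
    server_name mlflow.internal.example;
    return 301 https://$host$request_uri;
}
```

Validate with `nginx -t` before reloading, and confirm on the server that port 5000 is bound to 127.0.0.1 only (for example with `ss -ltnp`). Note the limits of this measure: a proxy reduces who can reach the application, but it does not remove an unpatched flaw, so anyone who can authenticate through the proxy can still exploit it. Upgrading remains the fix once a non-vulnerable version is available.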