Unpatched Critical Vulnerabilities Open AI Models to Takeover

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 16, 2023 at 12:49PM

Researchers have discovered critical vulnerabilities in the infrastructure used for AI models, putting companies at risk. The affected platforms include Ray, MLflow, ModelDB, and H20 version 3. These vulnerabilities could potentially give unauthorized access to AI models and the rest of the network. Protect AI disclosed the results and informed software maintainers about the issues. The risk of industrial espionage is significant, as stealing intellectual property from AI models can have a substantial impact. AI vulnerabilities could also lead to the dissemination of erroneous or malicious outputs. The security of AI infrastructure is often overlooked, and businesses need to prioritize it. Bug hunting in the AI sector is still relatively new, but there is likely to be an increasing focus on finding vulnerabilities in AI/ML tools in the future.

The meeting notes discuss the identification of critical vulnerabilities in the infrastructure used by AI models. These vulnerabilities pose a risk to companies that are utilizing AI technology. The affected platforms include Ray, MLflow, ModelDB, and H20 version 3. Protect AI, a machine-learning security firm, disclosed the vulnerabilities and provided a 45-day timeframe for the software maintainers and vendors to patch these issues. While some of the vulnerabilities have been fixed, others remain unpatched.

According to Protect AI, these vulnerabilities can allow unauthorized access to AI models, endangering the organization and potentially providing access to the rest of the network. Attackers could compromise servers or steal credentials from low-code AI services, gaining initial access to the network. Protect AI has recommended workarounds in cases where vulnerabilities remain unpatched.

These vulnerabilities are not just theoretical; they pose a real risk to organizations. Companies have already started using AI models for various purposes, such as mortgage processing and anti-money laundering. In addition to infrastructure compromise, the theft of intellectual property is a significant concern. Protect AI also highlights the potential impact of novel exploits on AI systems that facilitate natural-language interactions.

While adversarial attacks on AI systems have received attention, Protect AI’s bug disclosures demonstrate the need to address vulnerabilities in the tools and infrastructure supporting machine-learning processes and AI operations. It is important for businesses to involve information security groups when adopting AI-based tools and workflows. Existing security capabilities may not be sufficient in the AI and cloud environments.

Bug hunting in the AI and machine learning sector is still in its early stages, but it is expected to gain more attention. Trend Micro’s Zero Day Initiative predicts that the demand for finding bugs in AI/ML tools will increase as the industry evolves and security considerations become a higher priority.

Full Article