July 18, 2024 at 06:27AM
Cybersecurity researchers discovered five vulnerabilities in SAP AI Core platform, making unauthorized access and data theft possible. With responsible disclosure, SAP addressed the weaknesses, preventing potential misuse. The findings coincide with increased enterprise use of generative AI and the emergence of a new cybercriminal threat group, NullBulge, targeting AI and gaming-focused entities and aiming to sell compromised OpenAI API keys.
From the meeting notes, the main topics covered include cybersecurity vulnerabilities in the SAP AI Core cloud-based platform that could potentially allow unauthorized access to customer data and artifacts. These vulnerabilities, collectively dubbed SAPwned by Wiz, were addressed by SAP after responsible disclosure. Additionally, the notes highlight the potential risks associated with the growing enterprise use of generative AI, such as the need for blocking controls and data loss prevention tools. Furthermore, the emergence of a new cybercriminal threat group called NullBulge, targeting AI- and gaming-focused entities, was discussed, including their use of malicious tools and payloads.