Priya PatelTLDR:
- The number of AI-related zero-day vulnerabilities has tripled since November 2023, with 48 vulnerabilities uncovered in April 2024 alone.
- Common threats include remote code execution (RCE) which can lead to unauthorized access, data breaches, system compromise, and system takeover.
The latest findings from Protect AI’s huntr community reveal a significant increase in vulnerabilities for AI and ML applications. The report highlights a 220% rise in vulnerabilities within popular open-source software projects such as MLFlow, Ray, and Triton Inference Server. A particularly prevalent threat identified in the report is Remote Code Execution (RCE), enabling attackers to take full control of compromised systems. Marcello Salvati, a senior threat researcher at Protect AI, emphasizes the need for enhanced security measures and secure coding practices in AI development environments.
The report underscores the concerning trend of AI/ML zero-day vulnerabilities and points out notable vulnerabilities in PyTorch Serve and BentoML, which allow attackers to achieve RCE on servers. Salvati emphasizes the importance of least privilege and Zero Trust security models, along with training developers in secure coding practices. The rapid adoption of AI/ML tools presents a risk of deploying insecure solutions without proper security maturity. Despite the potential advantages of AI-based cyber tools to combat threats, organizations must prioritize security alongside innovation to mitigate risks effectively.
