Priya PatelTLDR:
- A surge of 220% in vulnerabilities impacting AI systems has been discovered, bringing the total to 48.
- Specific security risks may be exploited against the tools used to create machine learning models.
In a recent development, a surge of 220% in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities. The world’s first AI/ML bug bounty program, Protect AI, has been actively analyzing the entire OSS AI/ML supply chain for significant vulnerabilities. Experts have identified specific security risks that may be exploited against the open-source tools used to develop enterprise artificial intelligence systems.
The analysis highlighted Remote Code Execution (RCE) as a widespread vulnerability that enables attackers to execute commands on a victim’s computer or server without physical access, potentially resulting in data breaches. Major vulnerabilities such as Remote Code Execution in PyTorch Serve, Insecure Deserialization in BentoML, Regular Expression Denial Of Service in FastAPI, and Server-Side Template Injection in BerriAI/Litellm have been identified with varying severity levels.
The complete list of vulnerabilities in AI systems includes critical, high, medium, and low severity vulnerabilities across various AI platforms. The discovery and resolution of these vulnerabilities are crucial to ensuring the security of AI systems and preventing potential cyber attacks.
This pro-active approach towards identifying and resolving security issues in AI systems provides valuable insights into vulnerabilities and enables timely fixes to mitigate potential risks. By staying informed about these vulnerabilities and implementing necessary upgrades and patches, organizations can enhance the security of their AI systems and protect against cyber threats.
