Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

Apr 06, 2024 - infosecurity-magazine.com
Cloud security provider Wiz has identified two critical architecture flaws in Hugging Face, the hub where generative AI models and applications are shared: a shared inference infrastructure takeover risk and a shared continuous integration and deployment (CI/CD) takeover risk. The former lets a malicious model gain escalated privileges and cross-tenant access to other customers' models; the latter could be used to mount a supply chain attack.

Wiz has worked with Hugging Face to mitigate these issues, and warns that the findings are likely not unique to Hugging Face but represent challenges faced by many AI-as-a-service companies. The firm has urged the security community to work closely with such companies so that safe infrastructure and guardrails are put in place without hindering growth.

Key takeaways:

  • Cloud security provider Wiz found two critical architecture flaws in the infrastructure Hugging Face uses to host and run uploaded generative AI models, flaws that apply to AI-as-a-service providers generally: a shared inference infrastructure takeover risk and a shared continuous integration and continuous deployment (CI/CD) takeover risk.
  • Wiz researchers found that models from different customers shared inference infrastructure, which routinely runs untrusted, potentially malicious models stored in the 'pickle' format. Pickle is a Python serialization format that can execute arbitrary code when a file is deserialized, so a malicious pickle-serialized model can carry a remote code execution payload that runs on load, potentially granting the attacker escalated privileges and cross-tenant access to other customers' models.
  • Attackers may also attempt to take over the CI/CD pipeline itself and mount a supply chain attack. Wiz researchers demonstrated attacks against cloud-hosted generative AI models by exploiting both of these infrastructure flaws on Hugging Face.
  • Wiz and Hugging Face collaborated to mitigate the issues, and Hugging Face has published its own blog post describing the joint work. Wiz researchers concluded that these findings are not unique to Hugging Face and represent challenges that many AI-as-a-service companies will face.
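The pickle risk described in the second takeaway, as an added illustration that is not Wiz's or Hugging Face's code: a constructed "model" object whose pickle executes code when loaded, a static opcode scan that lists the imports a file would perform before anything is executed (handling both the GLOBAL opcode of pickle protocols 0-3 and the STACK_GLOBAL opcode of protocol 4 and later), and an allowlisting unpickler as a second line of defence. The exec payload, the single-entry allowlist and the OrderedDict stand-in for a weights file are assumptions chosen for the demo.

```python
"""Why a pickle-serialized model is a code-execution payload, and two checks
a model-hosting or inference service can apply before trusting one.
Added example, not code from the article or from Wiz/Hugging Face; the
payload, the allowlist and the OrderedDict 'weights file' are constructed."""
import builtins
import io
import pickle
import pickletools
from collections import OrderedDict


# ---- 1. A "model" whose pickle runs code when loaded (constructed payload) ----

class MaliciousModel:
    """__reduce__ tells pickle how to rebuild an object; on load pickle calls
    the returned callable with the returned args, and the callable can be
    anything importable."""
    def __reduce__(self):
        # A real attacker would name os.system or subprocess; exec of a string
        # that only sets a flag keeps the demo free of side effects.
        return (exec, ("import builtins; builtins.PWNED_BY_PICKLE = True",))


def build_malicious_pickle() -> bytes:
    return pickle.dumps(MaliciousModel())


def build_benign_pickle() -> bytes:
    # Constructed stand-in for a weights file: plain containers plus one
    # global (collections.OrderedDict) that a loader legitimately needs.
    return pickle.dumps(OrderedDict(weights=[0.1, -0.2, 0.3], bias=0.0))


def demo_unsafe_load() -> bool:
    """What a naive model loader does. Returns True if the payload ran."""
    pickle.loads(build_malicious_pickle())
    return getattr(builtins, "PWNED_BY_PICKLE", False)


# ---- 2. Static check: list the imports a pickle would perform, without loading ----

# Assumed allowlist for this demo; a real service derives it from the model
# framework it supports (the classes its tensors are rebuilt from).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def referenced_globals(data: bytes):
    """Every (module, name) the pickle imports. GLOBAL (protocol 0-3) carries
    both as text; STACK_GLOBAL (protocol 4+) takes them from the stack, so a
    minimal stack/memo of string pushes is tracked to resolve them."""
    found, stack, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):   # decodes, never executes
        if op.name in STRING_OPS:
            stack.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = stack[-1] if stack else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            name = stack.pop() if stack else None     # unresolved -> None,
            module = stack.pop() if stack else None   # which fails the allowlist
            found.append((module, name))
            stack.append(None)                        # placeholder for the class
    return found


def scan(data: bytes, allowed=ALLOWED_GLOBALS):
    """Globals the file imports that are not allowlisted; [] means it passed."""
    return [g for g in referenced_globals(data) if g not in allowed]


# ---- 3. Runtime check: refuse non-allowlisted imports even if scanning was skipped ----

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_safely(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load_rejects(data: bytes) -> bool:
    try:
        load_safely(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("malicious imports:", scan(build_malicious_pickle()))  # [('builtins', 'exec')]
    print("benign imports:", scan(build_benign_pickle()))        # []
    print("restricted loader rejects payload:", safe_load_rejects(build_malicious_pickle()))
    print("naive loader ran payload:", demo_unsafe_load())
```

The scan is the cheap check a hosting platform can run on upload, since pickletools only decodes opcodes; the restricted unpickler is what an inference worker should use at load time, because a pickle that imports nothing outside the allowlist has no way to reach os, subprocess or exec. Neither replaces tenant isolation: a model that passes both checks is still untrusted code to the service running it.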