Step increase in AI API vulnerabilities in 2024

Examples include mistakes in early AI development cycles that have created vulnerabilities for industry giants like Mercedes-Benz.


A new report from Wallarm, the end-to-end API and app security company, shows that AI has a major Application Programming Interface (API) problem. The report reveals a significant uptick in sophisticated cyber threats targeting the APIs of AI infrastructure products. As more AI products and tools rely on APIs, they are becoming increasingly vulnerable to new and potentially critical API security risks.

DevOps and DevTools are another route for attackers. API vulnerabilities span commonly used DevOps tools and development frameworks.

Examples include mistakes in early AI development cycles that have created vulnerabilities for organizations ranging from industry giants like Mercedes-Benz to tech innovators like NVIDIA’s Triton Inference Server, ZenML, and Hail.

Mercedes-Benz

A major API leak provided unrestricted access to their source code and GitHub Enterprise, which exposed cloud keys and internal documents. Because of the extent of the exposure to critical breaches and destructive attacker behaviour, this is the worst threat of 2024 so far.

ZenML

ZenML is a platform used by thousands of top-tier companies like Airbus and Goodyear for standardizing MLOps workflows. The company faced a critical API vulnerability, giving attackers unauthorized access to ZenML accounts.

The ZenML Takeover via Account Activation REST API vulnerability (CVE-2024-25723) ranks second because of the simplicity of the exploit and its potential to grant widespread, unauthorized access to MLOps workflows belonging to thousands of enterprises.

GitLab

A deceptively simple attack via the Account Takeover vulnerability (CVE-2023-7028) allowed hackers to intercept password reset codes via email, enabling the potential to commandeer an organization’s entire GitLab instance.

NVIDIA

The NVIDIA AI Platform Path Traversal Exploit (CVE-2023-31036) had the potential for severe and wide-ranging consequences for NVIDIA customers, including code execution, privilege escalation and others. NVIDIA was quick to act, which apparently saved them from the top spot.

Grafana

The Grafana exploit (CVE-2024-1442) gave users with data source creation permissions the ability to grant access to read, query, edit and delete all data sources within the organization. This is still under investigation and could escalate.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
