Connect with us

Hi, what are you looking for?

Tech & Science

Step increase in AI API vulnerabilities in 2024

Examples include mistakes in early AI development cycles that have created vulnerabilities for industry giants like Mercedes-Benz.

Economists have widely predicted that China will fail to meet its 5.5 percent GDP growth target, blaming record youth unemployment, ballooning developer debt and manufacturing disruptions from frequent Covid lockdowns
Economists have widely predicted that China will fail to meet its 5.5 percent GDP growth target, blaming record youth unemployment, ballooning developer debt and manufacturing disruptions from frequent Covid lockdowns - Copyright AFP Ahmad Al-rubaye
Economists have widely predicted that China will fail to meet its 5.5 percent GDP growth target, blaming record youth unemployment, ballooning developer debt and manufacturing disruptions from frequent Covid lockdowns - Copyright AFP Ahmad Al-rubaye

A new report shows that AI has a major Application Programming Interface (API) problem. This is according to a Wallarm Report (from the end-to-end API and app security company). The report reveals a significant uptick in sophisticated cyber threats targeting APIs of AI infrastructure products. As more AI products and tools rely on APIs, they are becoming increasingly vulnerable to new and potentially critical API security risks.

DevOps and DevTools are another route for attackers. API vulnerabilities span commonly used DevOps tools, with DevOps tools and development frameworks contributing to the vulnerability.

Examples include mistakes in early AI development cycles that have created vulnerabilities for industry giants like Mercedes-Benz to tech innovators like NVIDIA’s Triton Inference Server, ZenML, and Hail.

Mercedes-Benz

A major API Leak provided unrestricted access to their source code and GitHub Enterprise, which exposed cloud keys and internal documents. Because of the extent of the exposure to critical breaches and destructive attacker behaviour, this is the worst threat of 2024 so far,.

ZenML

ZenML is a platform used by thousands of top-tier companies like Airbus and Goodyear for standardizing MLOps workflows. The company faced a critical API vulnerability, giving attackers unauthorized access to ZenML accounts.

The ZenML Takeover via Account Activation REST API vulnerabilities (CVE-2024-25723) ranks second because of the simplicity of the exploit and its potential to grant widespread, unauthorized access to MLOps workflows belonging to thousands of enterprises.

GitLab

A deceptively simple attack via the Account Takeover vulnerability (CVE-2023-7028) allowed hackers to intercept password reset codes via email, enabling the potential to commandeer an organization’s entire GitLab instance.

NVIDIA

The NVIDIA AI Platform Path Traversal Exploit (CVE-2023-31036) had the potential for severe and wide-ranging consequences for NVIDIA customers, including code execution, privilege escalation and others. NVIDIA was quick to act, which apparently saved them from the top spot.

Grafana

The Grafana exploit (CVE-2024-1442) gave users with data source creation permissions the ability to grant access to read, query, edit and delete all data sources within the organization. This is still under investigation and could escalate.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Education bosses in Los Angeles voted Tuesday to work towards a complete ban on the use of smartphones in the city's schools.

Business

Asian markets drifted Thursday as investors try to gauge the outlook for US interest rates.

Business

Whether it’s the timeless class of Harry Kane’s Bentley Continental or the sporty style of Kyle Walker’s Lamborghini Huracan.

Life

These data show an overall trend in fewer miles before a collision globally, suggesting the need for a renewed focus on safety.