Since the initial disclosure of 15 vulnerabilities in November 2023, the number of disclosed vulnerabilities affecting AI systems has risen 220%, bringing the total to 48.
Protect AI, the world’s first AI/ML bug bounty program, analyzes the whole open-source AI/ML supply chain for significant vulnerabilities.
The researchers found that the supply-chain tools used to build the machine learning models behind AI applications are exposed to specific, exploitable security risks.
These open-source tools are downloaded thousands of times a month to build enterprise artificial intelligence systems.
The analysis highlights Remote Code Execution (RCE) as a widespread class of vulnerability: it lets an attacker run commands or programs on a victim’s computer or server without physical access.
An attacker who achieves this can take full control of the compromised system, which can lead to data breaches.
Significant Vulnerabilities In AI Systems
Remote Code Execution In PyTorch Serve
An attacker can exploit this vulnerability to run arbitrary code and compromise the server hosting PyTorch Serve.
The vulnerability carries a CVSS base score of 9.8 and is categorized as critical severity; no CVE has been assigned, at the maintainer’s request.
If PyTorch Serve is exposed to the network, a remote user can upload a model that contains malicious code.
That code runs when the model is deployed, which can result in remote code execution on the server.
Insecure Deserialization In BentoML
Tracked as CVE-2024-2912, this vulnerability has a CVSS base score of 9.8 and is categorized as critical severity.
It allows remote attackers to execute arbitrary code on the server.
BentoML contains an unsafe deserialization vulnerability: by sending a specially crafted request, an attacker can run arbitrary code on the server hosting the BentoML application.
Users are advised to upgrade to version 1.2.5.
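Both the PyTorch Serve and BentoML issues above come down to the same mechanism: a serialized object (an uploaded model, or a request body) is deserialized by a routine that will happily resolve module attributes and call them. The following is an added example, not code from PyTorch Serve, BentoML or Protect AI, showing two defensive checks a serving layer can apply to untrusted Python pickle data before trusting it. It assumes the artifact is a plain pickle stream (PyTorch checkpoints embed one inside a zip archive, which is a property of torch.save and not stated on the page); the sample blobs are constructed inline.

```python
import io
import json
import pickle
import pickletools

# Opcodes that let the unpickler resolve a module attribute or call a callable.
# A pickle that carries only data (dicts, lists, numbers, strings) never needs them.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def suspicious_opcodes(data: bytes) -> set:
    """Walk the pickle stream WITHOUT executing it and report every opcode that
    could lead to code execution on load. Empty set means pure data."""
    return {op.name for op, _arg, _pos in pickletools.genops(data) if op.name in CODE_OPCODES}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on an explicit allowlist.
    find_class() is consulted for GLOBAL and STACK_GLOBAL alike, so this is exact."""

    def __init__(self, stream, allowed):
        super().__init__(stream)
        self.allowed = allowed  # {module_name: {attribute_name, ...}}

    def find_class(self, module, name):
        if name in self.allowed.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_loads(data: bytes, allowed=None):
    """Deserialize with an allowlist; default allowlist is empty (data only)."""
    return RestrictedUnpickler(io.BytesIO(data), allowed or {}).load()


def try_safe_loads(data: bytes, allowed=None):
    """Convenience wrapper returning (True, object) or (False, reason)."""
    try:
        return True, safe_loads(data, allowed)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed samples: a data-only "weights" blob and a blob that references
    # a module attribute (json.dumps is harmless, but it shows what the checks flag).
    weights_blob = pickle.dumps({"layer1.weight": [0.1, 0.2, 0.3]})
    attr_blob = pickle.dumps(json.dumps)
    print("weights opcodes:", suspicious_opcodes(weights_blob))   # set()
    print("attr opcodes:", suspicious_opcodes(attr_blob))         # contains STACK_GLOBAL or GLOBAL
    print(try_safe_loads(weights_blob))
    print(try_safe_loads(attr_blob))
```

The opcode scan is a cheap pre-check that can run at upload time on the raw bytes; the restricted unpickler is the actual gate at load time. Neither replaces upgrading the affected component, but together they turn "a model file can run code" into "a model file can only carry data we expect".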
Regular Expression Denial Of Service (ReDoS) In FastAPI
Tracked as CVE-2024-24762, the bug has a CVSS base score of 7.5 and a High severity level.
This vulnerability can be used for a denial-of-service attack that makes the server unresponsive.
FastAPI is susceptible to a ReDoS attack when parsing form data in certain scenarios; by exhausting the CPU, the vulnerability can render the server unresponsive.
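A ReDoS works because a regular expression with nested quantifiers forces the backtracking engine to try an exponential number of ways to split the input before it can report a non-match, so one request pins a CPU core. The following is an added example, not FastAPI's code and not the regex involved in CVE-2024-24762 (the page does not name it): it uses a constructed textbook pattern to make the growth measurable, then shows the two mitigations a maintainer or operator can apply, rewriting the pattern without the nested quantifier and capping input size before the regex engine sees it.

```python
import re
import time

# Constructed patterns. Both accept exactly the strings "a", "aa", "aaa", ...,
# but the first one nests a quantifier inside a quantifier, so on a near-miss
# such as "aaaa!" the engine retries every way of grouping the a's (2^n).
PATHOLOGICAL = re.compile(r"^(a+)+$")
LINEAR = re.compile(r"^a+$")

# Hypothetical per-field size limit a form parser could enforce up front.
MAX_FIELD_LEN = 4096


def match_time(pattern: re.Pattern, text: str) -> float:
    """Seconds the regex engine needs to decide whether text matches pattern."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def growth(pattern: re.Pattern, sizes) -> list:
    """Timing for a near-miss input ('a' * n + '!') at each n in sizes."""
    return [match_time(pattern, "a" * n + "!") for n in sizes]


def bounded_match(pattern: re.Pattern, text: str, max_len: int = MAX_FIELD_LEN) -> bool:
    """Mitigation 2: refuse oversized fields before any regex runs, so even a
    pattern that later turns out to be pathological has bounded work to do."""
    if len(text) > max_len:
        raise ValueError(f"form field exceeds {max_len} characters")
    return pattern.match(text) is not None


if __name__ == "__main__":
    for n, secs in zip((10, 15, 20), growth(PATHOLOGICAL, (10, 15, 20))):
        print(f"pathological n={n:2d}: {secs:.4f}s")   # roughly doubles per extra 'a'
    print(f"linear n=100000: {match_time(LINEAR, 'a' * 100000 + '!'):.4f}s")
    print(bounded_match(LINEAR, "a" * 50))
```

Run stand-alone, the pathological timings climb visibly between n=10 and n=20 while the linear pattern handles a 100,000-character near-miss in milliseconds. In a service, the second mitigation is the one to rely on regardless of how carefully the patterns were reviewed: a hard size limit on each form field and on the whole body bounds the damage of any regex you have not yet audited.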
Server-Side Template Injection In BerriAI/Litellm
Attackers can use this vulnerability to make the server execute unauthorized commands.
In BerriAI’s litellm project, the hf_chat_template method passes user input to the Jinja template engine without properly sanitizing it, which can be used to run arbitrary commands on the server.
It is recommended to upgrade to version 0.109.1.
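Server-side template injection arises when untrusted text becomes part of the template source rather than a value substituted into a fixed template, because a Jinja template is a small program. The following is an added example and not litellm's hf_chat_template code: a constructed chat-reply renderer written the unsafe way beside the corrected form, so the difference is visible on a harmless probe. It assumes the Jinja2 package is installed; the template text and messages are made up here.

```python
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment

# Constructed chat-reply template: a fixed string with one placeholder.
REPLY_TEMPLATE = "Assistant: {{ message }}"


def render_vulnerable(user_message: str) -> str:
    """Splices the user's text INTO the template source, so anything the user
    writes inside {{ }} or {% %} is evaluated as template code on the server."""
    env = Environment(autoescape=False)
    return env.from_string("Assistant: " + user_message).render()


def render_fixed(user_message: str) -> str:
    """Keeps the template constant and passes the user's text as data, which the
    engine only ever prints. The sandboxed environment and autoescaping are
    defense in depth: they limit what a template can reach and how output is
    emitted, but the real fix is never building template source from input."""
    env = SandboxedEnvironment(autoescape=True)
    return env.from_string(REPLY_TEMPLATE).render(message=user_message)


if __name__ == "__main__":
    probe = "{{ 7*7 }}"   # the classic harmless SSTI probe: evaluation vs. echo
    print(render_vulnerable(probe))   # Assistant: 49  -> input was executed
    print(render_fixed(probe))        # Assistant: {{ 7*7 }}  -> input was data
    print(render_fixed("<b>hi</b>"))  # Assistant: &lt;b&gt;hi&lt;/b&gt;
```

The probe result is the detection signal reviewers look for: if a user-supplied string containing an expression comes back computed, the input reached the template compiler. Grepping a code base for `from_string(` or `Template(` calls whose argument is built from request data finds the same bug class statically.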
The Complete List Of Vulnerabilities In AI Systems
This proactive approach to finding and resolving security issues in AI systems gives everyone meaningful information about the vulnerabilities and makes it possible to fix them promptly.