AI Artifacts - gettectonic.com
AI Infrastructure Flaws

Wiz Researchers Warn of Security Flaws in AI Infrastructure Providers

AI infrastructure providers like Hugging Face and Replicate are vulnerable to emerging attacks and need to strengthen their defenses to protect sensitive user data, according to Wiz researchers. AI Infrastructure Flaws come from security being an afterthought.

During Black Hat USA 2024 on Wednesday, Wiz security experts Hillai Ben-Sasson and Sagi Tzadik presented findings from a year-long study on the security of three major AI infrastructure providers: Hugging Face, Replicate, and SAP AI Core. Their research aimed to assess the security of these platforms and the risks associated with storing valuable data on them, given the increasing targeting of AI platforms by cybercriminals and nation-state actors.

Hugging Face, a machine learning platform that allows users to create models and store datasets, was recently targeted in an attack. In June, the platform detected suspicious activity on its Spaces platform, prompting a key and token reset.

The researchers demonstrated how they compromised these platforms by uploading malicious models and using container escape techniques to break out of their assigned environments, moving laterally across the service. In an April blog post, Wiz detailed how they compromised Hugging Face, gaining cross-tenant access to other customers’ data and training models. Similar vulnerabilities were later identified in Replicate and SAP AI Core, and these attack techniques were showcased during Wednesday’s session.

Prior to Black Hat, Ben-Sasson, Tzadik, and Ami Luttwak, Wiz’s CTO and co-founder, discussed their research. They revealed that in all three cases, they successfully breached Hugging Face, Replicate, and SAP AI Core, accessing millions of confidential AI artifacts, including models, datasets, and proprietary code—intellectual property worth millions of dollars.

Luttwak highlighted that many AI service providers rely on containers as barriers between different customers, but warned that these containers can often be bypassed due to misconfigurations. “Containerization is not a secure enough barrier for tenant isolation,” Luttwak stated.

After discovering these vulnerabilities, the researchers responsibly disclosed the issues to each service provider. Ben-Sasson praised Hugging Face, Replicate, and SAP for their collaborative and professional responses, and Wiz worked closely with their security teams to resolve the problems.

Despite these fixes, Wiz researchers recommended that organizations update their threat models to account for potential data compromises. They also urged AI service providers to enhance their isolation and sandboxing standards to prevent lateral movement by attackers within their platforms.

The Risks of Rapid AI Adoption

The session also addressed the broader challenges associated with the rapid adoption of AI. The researchers emphasized that security is often an afterthought in the rush to implement AI technologies. “AI security is also infrastructure security,” Luttwak explained, noting that the novelty and complexity of AI often leave security teams ill-prepared to manage the associated risks.

Many organizations testing AI models are using unfamiliar tools, often open-source, without fully understanding the security implications. Luttwak warned that these tools are frequently not built with security in mind, putting companies at risk. He stressed the importance of performing thorough security validation on AI models and tools, especially given that even major AI service providers have vulnerabilities.

In a related Black Hat session, Chris Wysopal, CTO and co-founder of Veracode, discussed how developers increasingly use large language models for coding but often prioritize functionality over security, leading to concerns like data poisoning and the replication of existing vulnerabilities.
Smithsonian Data Cloud

The Smithsonian already embraces technology through its Open Access Initiative. Housing 2D and 3D renders of collections, it provides access to over 20 museums. Enter Salesforce and Smithsonian Data Cloud.

The world’s largest network of research, museum, and education facilities, the Smithsonian Institution, manages over 150 million collections across its 21 museums, the National Zoo, and eight research centers. Navigating this vast array of artifacts can be overwhelming, even for dedicated history enthusiasts.

To enhance accessibility, the Smithsonian Institution is collaborating with cloud computing giant Salesforce. The goal is to streamline the user experience by integrating disparate data sources, such as ticketing systems and donation histories, into a unified system. This initiative aims to provide a clearer blueprint of Smithsonian’s diverse locations and offerings, according to Lori Freeman, Salesforce’s Vice President and General Manager of Nonprofit Industry Solutions and Strategy.

“Smithsonian is so progressive. They have all this content, they have all this history, they have incredible tools,” Freeman told Technical.ly. “So this technology is going to enable them to reach audiences they would never get to.”

For instance, this system will allow museum staff and volunteers to assist visitors in locating exhibits across different Smithsonian locations. Becky Kobberod, the Smithsonian’s Head of Digital Transformation, illustrated this by describing how a visitor at the Hirshhorn could ask about a piece of art at the National Museum of American History.

“It’s connecting the dots and creating a Smithsonian ecosystem that we currently don’t have. If you want to engage in our various museums, you go to each of them separately,” Kobberod said. “Whereas now, we’re providing you a front door, so to speak, that can help you navigate across all of the many different museums and resources that we have.”

Although specifics about the technology and user interface have not been disclosed, Freeman emphasized that the main objectives are to keep visitors engaged and to build lifelong relationships with both in-person and virtual visitors.

Building on Current Tech Resources

The Smithsonian’s Open Access initiative, launched in early 2020, offers 2D and 3D renderings of its collections, totaling around 5 million items to date. Users can interact with 3D images to get a 360-degree view of fossils, sculptures, and artifacts like Neil Armstrong’s spacesuit. This initiative began with 2.8 million pieces and continues to grow, said Kobberod.

In addition to Open Access, the Smithsonian has other digital initiatives. In 2022, the National Museum of African American History and Culture, in collaboration with Baltimore-based digital services firm Fearless, launched a searchable online platform to make certain collections and stories more accessible.

Kobberod noted that only about 1% of the collections are physically displayed at any given time. Digitizing and uploading these collections not only preserves them but also makes them accessible to people who might not have the means to visit in person.

“Smithsonian exists as a service to all of the American public,” she said. “We know that this is core to our future, and to making what we have available to the nation and the world.”