"AI-Based Visual Editing Service Leaks User Images and Customer Data"

Internet users have become increasingly fascinated with Artificial Intelligence (AI)-based tools such as ChatGPT and DALL-E, but few have likely considered the security consequences of contributing text or images to such programs. Cybernews researchers have found that Cutout.pro, an AI-based visual design platform headquartered in Hong Kong, exposed user-generated content through an unprotected ElasticSearch instance. With the help of an AI-based Application Programming Interface (API), Cutout.pro's services enable users to alter photos and create images. The functionality allows the integration of the company's services into third-party applications. According to the team, Cutout.pro exposed usernames and images made by customers with the company's tools. The instance also contained information regarding the number of user credits, a virtual in-service currency, as well as links to Amazon S3 buckets containing generated images. The exposed instance had about 22 million log entries that referenced usernames for individual users and business accounts, but this does not mean that the same number of users were exposed, as there were duplicate log entries. This article continues to discuss the exposure of data by the AI media manipulation service Cutout.pro.

Cybernews reports "AI-Based Visual Editing Service Leaks User Images and Customer Data"