"Critical Vulns Found in Ray Open-Source Framework for AI/ML Workloads"

Researchers from Bishop Fox have reported that organizations using Ray, an open-source framework for scaling Artificial Intelligence (AI) and Machine Learning (ML) workloads, could face attacks due to three unpatched vulnerabilities in the technology. The flaws allow attackers to gain operating system access to all nodes in a Ray cluster, enable Remote Code Execution (RCE), escalate privileges, and more. The Bishop Fox researchers discovered the flaws in August and reported them to Anyscale, which sells a fully managed version of the technology. Researchers from the security vendor Protect AI had also reported two of the same vulnerabilities to Anyscale. This article continues to discuss the vulnerabilities found in the Ray open-source framework for AI/ML workloads.

Dark Reading reports "Critical Vulns Found in Ray Open-Source Framework for AI/ML Workloads"

Submitted by grigby1