"Protect AI Finds Vulnerabilities in Open-Source AI and Machine Learning Tools"

Protect AI has released a new report highlighting vulnerabilities recently discovered in open-source Artificial Intelligence (AI) and Machine Learning (ML) tools through its bug bounty program. The first vulnerability posed a significant risk of server takeover and the loss of sensitive data. The MLflow tool, used for storing and tracking models, was discovered to contain a critical flaw in its code that could trick users into connecting to a malicious remote data source, thus allowing attackers to run commands on a victim's system. Another security flaw found in MLflow was an Arbitrary File Overwrite vulnerability, stemming from a bypass in the tool's validation function. Malicious actors could use this vulnerability to remotely overwrite files on the MLflow server. This article continues to discuss the vulnerabilities found in open-source AI and ML tools.

SiliconANGLE reports "Protect AI Finds Vulnerabilities in Open-Source AI and Machine Learning Tools"

Submitted by grigby1
