Protect AI, an AI cybersecurity startup, has disclosed eight vulnerabilities in open-source components used in the supply chain for in-house AI and ML model development, each assigned a CVE number. One of the eight is rated critical and seven are rated high severity. The vulnerability classes include arbitrary file write, arbitrary file upload, remote code execution (RCE), server-side template injection bypass, and local file inclusion. Notably, the traditional Software Bill of Materials (SBOM) used for standard software development does not suffice for AI/ML development, because it does not account for the unique risks of the machine learning pipeline. Protect AI advocates the development of an AI/ML Bill of Materials (BOM) to capture these risks, including data poisoning and model bias. The company combines scanning with bounty hunting for vulnerability discovery; its AI/ML bug bounty program, huntr, has proved highly successful at surfacing vulnerabilities and positions Protect AI as a leader in AI/ML threat intelligence.
Read more: https://www.securityweek.com/eight-vulnerabilities-disclosed-in-the-ai-development-supply-chain/