ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI


In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers?

A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. Once active, that model could exfiltrate your sensitive machine learning (ML) models and fine-tuned large language model (LLM) adapters. With access to these adapters, attackers could replicate your custom tuning and optimizations, exposing sensitive information embedded in fine-tuning patterns. Palo Alto Networks researchers recently uncovered two vulnerabilities in Google’s Vertex AI platform. These vulnerabilities could have allowed attackers to escalate privileges and exfiltrate models. We

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter


Related:

  • Google Project Zero: ‘Here’s the secret to flagging up bugs before hackers find them’

    August 3, 2018

    Samsung’s utterly confusing vulnerability reporting website has prompted one of Google’s top security researchers to explain how companies should help researchers report bugs and eliminate hackable flaws in products quickly. Google’s Project Zero bug hunter, Natalie Silvanovich, who Microsoft has recognized as a top 10 researcher in the world, has a few tips for vendors of all types ...

  • Poor cybersecurity could destabilise increasingly complex energy grids

    July 26, 2018

    The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...

  • NetSpectre — New Remote Spectre Attack Steals Data Over the Network

    July 26, 2018

    A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed “NetSpectre,” the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass ...

  • Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

    July 20, 2018

    A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create “shortcuts” to various Windows 10 setting pages. “All this file does is open the Control Panel ...

  • DDoS Attacks Get Bigger, Smarter and More Diverse

    July 17, 2018

    DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...

  • Investigation reveals elaborate technology terror web

    July 16, 2018

    In late December 2015 a uniformed Pentagon spokesman, Colonel Steve Warren, made a video announcement about “Operation Inherent Resolve”, the US military’s campaign against the so-called Islamic State (IS) group in Iraq and Syria. The spokesman gave details about 10 senior IS figures who had been targeted and killed, many in drone strikes, over the course ...