ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI


In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers?

A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. Once active, that model could exfiltrate your sensitive machine learning (ML) models and fine-tuned large language model (LLM) adapters. With access to these adapters, attackers could replicate your custom tuning and optimizations, exposing sensitive information embedded in fine-tuning patterns. Palo Alto Networks researchers recently uncovered two vulnerabilities in Google’s Vertex AI platform. These vulnerabilities could have allowed attackers to escalate privileges and exfiltrate models. We

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter


Related:

  • Microsoft, Google: We’ve found a fourth variant of Meltdown-Spectre CPU holes

    May 21, 2018

    A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers. These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, ...

  • One Year After WannaCry: A Fundamentally Changed Threat Landscape

    May 17, 2018

    It’s been one year this week since the ransomware known as WannaCry infected more than 200,000 machines in 150 countries, causing billions of dollars in damages and grinding global business to a halt. The speed and scale of the attack – helped along by leaked National Security Agency hacking tools – was obviously notable, but ...

  • Critical Linux Flaw Opens the Door to Full Root Access

    May 16, 2018

    Red Hat has patched a vulnerability affecting the DHCP client packages that shipped with Red Hat Enterprise Linux 6 and 7. A successful exploit could give an attacker root access and full control over enterprise endpoints. According to an alert issued Wednesday from US-CERT, the critical-rated flaw, first reported by Google researcher Felix Wilhelm, would “allow attackers to ...

  • Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

    May 16, 2018

    Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using uncached memory or ...

  • Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

    May 15, 2018

    An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months. Anton Cherepanov, ...

  • This malware checks your system temperature to sidestep sandboxing

    May 1, 2018

    GravityRAT is a Trojan which checks the temperature of a system to detect the presence of virtual machines (VMs) and prevent efforts at analysis by researchers. By taking thermal readings, the Remote Access Trojan (RAT), which has become a recent menace in India, attempts to find out whether or not VMs are being employed for the ...