#AI #bugbounty program yields 34 flaws in #opensource tools
Nearly three dozen flaws in open-source AI and #machinelearning (ML) tools were disclosed Tuesday as part of #ProtectAI's #huntr bug bounty program.
Protect AI's #security researchers point out these open-source tools are "downloaded thousands of times a month to build enterprise AI Systems."
The three critical #vulnerabilties have already been addressed by their respective companies, according to the article.
https://www.scworld.com/news/ai-bug-bounty-program-yields-34-flaws-in-open-source-tools

It's time to start really thinking hard about how to #ProtectAI and ourselves from #AI. Finally, someone is starting the conversation about identifying the #AttackSurface. We need to build upon this as the weeks/months carry on with #LLM like #ChatGPT: https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/?mc_cid=e624e51c73&mc_eid=f3b7f7e36f

MLFlow bug: LFI -> Get SSH priv key -> SSH -> Profit
---
RT @ProtectAICorp
Protect AI discovers 2 critical CVEs in MLflow. MLflow is a popular OSS used in ML systems with >13M downloads per month. Learn more to see how hackers could take complete system control, and more -> https://bit.ly/3LI5Nso #AIØD #protectai #mlsecops #AIZeroDay
https://twitter.com/ProtectAICorp/status/1639235617510014978