AI Sec Watch

Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could steal the SSH key and access other users' Gradio demos or exploit them further depending on what data or capabilities the app had access to.

CVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a software framework for machine learning tasks) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program looks for files in directories it shouldn't trust, potentially allowing attackers to substitute malicious files). An authenticated user (someone with login access) could exploit this through local access to gain higher system privileges.

CVE-2023-23382 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized access to sensitive information. The vulnerability is related to storing passwords in a recoverable format (CWE-257, meaning passwords are saved in a way that can be converted back to their original form), making it easier for attackers to steal credentials.

A WordPress plugin called 'GPT AI Power' before version 1.4.38 has a security flaw where logged-in users can modify any posts without proper authorization checks (nonce and privilege verification, which are security measures that confirm a user has permission to perform an action). This means someone with basic login access could change or delete content they shouldn't be able to touch.

ONNX (a machine learning model format library) versions before 1.13.0 contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended folder by using paths like '../../../etc/passwd'). An attacker could exploit the external_data field in tensor proto (data structure in ONNX models) to read sensitive files from anywhere on a system.

The EU AI Act requires technical standards to be written by European standardization organizations (CEN and CENELEC) that explain how companies can safely build high-risk AI systems. These standards follow a six-step approval process and, once published and approved by the European Commission, become 'harmonized and cited standards' that legally presume compliance with safety regulations if companies follow them. The drafting process is currently ongoing but behind schedule, with different standards at different completion stages.

TensorFlow, an open source platform for machine learning, has a bug in the MakeGrapplerFunctionItem function where providing inputs larger than or equal to the output sizes causes an out-of-bounds memory read (reading data from memory locations the program shouldn't access) or a crash. The issue has been patched and will be included in TensorFlow 2.11.0 as well as backported to earlier versions.

TensorFlow, an open source machine learning platform, has a bug in its MakeGrapplerFunctionItem function where providing input sizes that are greater than or equal to output sizes causes an out-of-bounds memory read (accessing memory locations outside the intended range) or a crash. This vulnerability affects how TensorFlow processes data when sizes are mismatched.

This post demonstrates that ChatGPT can be prompted to roleplay as a Microsoft SQL Server (a database management system) and respond with realistic database commands and results, including creating databases, tables, inserting data, and writing stored procedures (reusable blocks of SQL code). The author shows that ChatGPT can understand user intent well enough to execute complex database operations like UPSERTs (operations that update existing records or insert new ones if they don't exist), even when given incomplete information.