Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

April 5, 2024
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft
  1. Home
  2. News
  3. Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, the leading hub for sharing AI models and applications.

In a blog post published on April 4, Wiz Research described the two flaws and the risk they could pose to AI-as-a-service providers.

These are:

  • Shared Inference infrastructure takeover risk
  • Shared Continuous Integration and Continuous Deployment (CI/CD) takeover risk

Shared Inference Infrastructure Takeover Risk

Upon analyzing several AI models uploaded on Hugging Face, Wiz researchers discovered that some were sharing inference infrastructure.

In the context of generative AI, inference refers to a model that makes predictions or decisions based on previously trained models and input data.

The inference infrastructure allows execution of an AI model — either “on edge” (e.g. Transformers.js), via an application programming interface (API) or following an Inference-as-a-Service model (e.g. Hugging Face’s Inference Endpoints).

“Our research found that inference infrastructure often runs untrusted, potentially malicious models that use the ‘pickle’ format,” Wiz researchers wrote.

An AI model in ‘pickle’ format is a serialized, compressed version of a trained model saved using the Python pickle module.

Because it’s a compressed version of the model, it is more compact and takes up less space than storing the raw training data.

However, Wiz noted that malicious pickle-serialized models could contain remote code execution payloads, potentially granting the attacker escalated privileges and cross-tenant access to other customers' models.

Shared CI/CD Takeover Risk

A continuous integration and continuous deployment (CI/CD) pipeline is an automated software development workflow that streamlines the process of building, testing and deploying applications.

It essentially automates the steps that would otherwise be done manually, leading to faster releases and fewer errors.

Wiz researchers found that attackers may attempt to take over the CI/CD pipeline itself and perform a supply chain attack.

Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureFeaturesGenerative AIGDC 2024Horror GamesUnityUbisoftValveStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep Divesunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRootRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025
None
Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks
May 6, 2025
None
Smishing Triad Upgrades Tools and Tactics for Global Attacks
May 6, 2025
None
Texas School District Notifies Over 47,000 People of Major Data Breach
May 6, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025

Popular

None
Ransomware Attacks Fall in April Amid RansomHub Outage
May 5, 2025
None
TikTok Fined €530m Over Transfers of European User Data to China
May 5, 2025
None
Harrods Latest UK Retailer to Fall Victim to Cyber-Attack in Recent Days
May 2, 2025
None
Third of Online Users Hit by Account Hacks Due to Weak Passwords
May 2, 2025
None
White House Warns China of Cyber Retaliation Over Infrastructure Hacks
May 2, 2025
None
CISA Confirms Exploitation of SonicWall Vulnerabilities
May 2, 2025
None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Vox sells Polygon to Valnet in a blow to video game market
May 2, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025

Random

None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
UK Retailer Co-op Confirms Hack, Reports "Small Impact" to Its Systems
April 30, 2025
None
Texas School District Notifies Over 47,000 People of Major Data Breach
May 6, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025
None
'It was really wearing people down:' The funding challenges that followed 'runaway success' Another Crab's Treasure
May 1, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Smishing Triad Upgrades Tools and Tactics for Global Attacks
May 6, 2025
None
Microsoft Expands Cloud, AI Footprint Across Europe
April 30, 2025

Most Views

None
France Slams Russia’s APT28 for Four-Year Cyber-Espionage Campaign
April 30, 2025
None
JPMorgan CISO Urges SaaS Security Reset
April 30, 2025
None
US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers
April 30, 2025
None
DHS Head Accuses CISA of Acting Like “the Ministry of Truth”
April 30, 2025
None
UK Retailer Co-op Confirms Hack, Reports "Small Impact" to Its Systems
April 30, 2025
None
Microsoft Expands Cloud, AI Footprint Across Europe
April 30, 2025
None
RansomHub Refines Extortion Strategy as RaaS Market Fractures
April 30, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Report: EA lays off hundreds of workers after canceling games at Respawn Entertainment
April 30, 2025
None
'We are frustrated:' ZeniMax union workers continue to pressure Microsoft over contract negotiations
April 30, 2025