writeups.xyz / Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations

Submitter : c2a

Date: 4 April 2024

Bounty : 200

Vulnerabilities :

• AI
• Malicious AI Model
• Cloud
• CI/CD
• RCE
• Insecure Deserialization
• Privilege Escalation
• Supply Chain Attack
• Cross-Tenant Vulnerability

Programs :

• Hugging Face

Authors :

• Shir Tamari (@Shirtamari)
• Sagi Tzadik (@Sagitz_)

Link :
https://www.wiz.io/blog/wiz-and-hugging-face-address-risks-to-ai-infrastructure