It was determined that attackers could compromise the integrity of artificial intelligence models by tampering with them during training. Hackers gained access to internal networks, databases and accounts on platforms such as OpenAI, Hugging Face, Stripe and Azure. They also placed miners on hacked servers to steal computing power for cryptocurrency mining. Hackers also set up tools to remotely control servers, allowing them to carry out further attacks.
The vulnerability lies in the central Ray panel, which has no authentication by default. Anyone who gains access to it can view commands, steal data, and execute code. Security researchers consider this problem to be extremely serious.
However, Ray developer Anyscale disputes the vulnerability claim. They claim that Ray is designed for remote code execution and must be deployed on a secure network. While Anyscale plans to add authentication over time, their priority is user control rather than security measures.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.