Security experts have issued a cautionary alert regarding potential breaches in numerous businesses attributed to the exploitation of the open-source Ray platform for AI modeling. This marks a significant development in cyberattacks, leveraging AI computing vulnerabilities identified in real-world scenarios. Evidence suggests that this technique has been employed to target at least three prominent organizations and numerous others.
The vulnerability was uncovered by Oligo Security, a Jewish digital business, revealing that hackers utilized the exploit to deploy cryptocurrency miners on compromised servers. This illicit activity redirected processing power towards mining electronic coins using AI infrastructure. Additionally, hackers gained unauthorized access to vulnerable machines by acquiring “tokens,” enabling them to breach various AI and business applications like OpenAI and Slack. Some businesses even had access to Line payment service tokens due to their integration for payment processing within AI applications. The extent of financial losses resulting from these cryptocurrency exploits remains unclear, with no responses from OpenAI and Stripe regarding these incidents.
Slack’s Director, Dolleen Cross, described the situation as unfortunate and expressed empathy for affected customers, emphasizing that the risk does not stem from inherent flaws within the Slack platform.
Gal Elbaz, the CTO of Oligo Security, highlighted the financial motivation behind these attacks, stating, “They’re attacking that infrastructure of AI, they’re leveraging it to make a lot of money.”
While the affected entities were not disclosed by the researchers, Forbes reported that among them were entities conducting medical research and an American institution, potentially impacting thousands of devices. Oligo Security collaborated with these organizations to address the identified exploit.
Ray, a widely used platform by major tech corporations like Amazon, Uber, and Intel for processing extensive AI workloads, was found to have a critical security flaw. Misconfigurations in setting up Ray on the internet without proper authentication exposed servers to exploitation via an API, allowing hackers to execute malicious code and deploy malware and crypto miners.
Following Oligo’s revelations, Anyscale, the organization overseeing Ray’s development, acknowledged the vulnerability related to executing code through the API without stringent authentication measures. Anyscale has initiated the development of a feature to alert users if their Ray systems are exposed on the open internet, emphasizing the importance of securing Ray deployments against unauthorized access.
Oligo Security uncovered evidence indicating that hackers were aware of Anyscale’s vulnerability on public machines before the recent attacks, with some compromised systems remaining breached for over a year. This underscores the urgent need for robust security measures to safeguard AI infrastructure from malicious exploitation.
The potential risks associated with intruders manipulating AI models to carry out harmful actions have been a longstanding concern among security experts. With recent attacks demonstrating the tangible impact of such threats, the imperative for proactive security measures to mitigate these risks is more pronounced than ever.
