Researchers have identified multiple security vulnerabilities in popular machine learning operations (MLOps) platforms like Azure Machine Learning, BigML, and Google Cloud Vertex AI. These platforms are used by businesses to develop and deploy AI models for critical operations. According to a new research article by Security Intelligence, Azure Machine Learning can be compromised through device code phishing attacks.
In this scenario, the attacker tricks a user into completing a device code login, obtains the resulting access token, and uses it to exfiltrate models stored on the platform, exploiting weaknesses in identity management rather than a flaw in the service. BigML users face a different threat: API keys committed to public repositories. Because such keys often carry no expiration, a leaked key grants access to private datasets until it is rotated.
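The Azure scenario above leaves a trail in the identity provider rather than in the ML platform, so the practical detection is to watch for device code sign-ins. The following is an added example, not code from the article or from Security Intelligence: it reads Microsoft Entra ID sign-in records (the shape of the Graph `signIn` resource, whose `authenticationProtocol` field is `deviceCode` for this flow) and flags successful device code sign-ins from outside assumed corporate ranges or to resources that expose models and data. The log entries, the trusted networks and the resource names are constructed for the example; it also assumes the record's `ipAddress` reflects the client that redeemed the code, which you should verify against your own tenant's logs.

```python
import ipaddress
import json

# Constructed sample in the shape of Microsoft Entra ID sign-in log entries
# (Graph API "signIn" resource). These are made-up records, not real logs.
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2024-05-01T08:02:11Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "10.1.2.3", "appDisplayName": "Azure Portal",
     "resourceDisplayName": "Windows Azure Service Management API",
     "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T08:15:40Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.7", "appDisplayName": "Microsoft Azure CLI",
     "resourceDisplayName": "Azure Machine Learning Services",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T09:03:05Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "10.5.5.5", "appDisplayName": "Microsoft Azure CLI",
     "resourceDisplayName": "Microsoft Graph",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-05-01T09:10:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.9", "appDisplayName": "Microsoft Azure CLI",
     "resourceDisplayName": "Azure Machine Learning Services",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 50126}},
])

# Assumed corporate egress ranges for the example; replace with your own.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("203.0.113.0/24")]

# Resources whose tokens let an attacker reach models, workspaces and data.
SENSITIVE_RESOURCES = {"Azure Machine Learning Services",
                       "Windows Azure Service Management API",
                       "Microsoft Graph"}

SEVERITY_ORDER = ("high", "medium", "low")


def is_trusted_ip(ip, networks=TRUSTED_NETWORKS):
    """True when ip parses and falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def load_signins(raw_json):
    return json.loads(raw_json)


def find_device_code_signins(entries, networks=TRUSTED_NETWORKS):
    """Return successful device code sign-ins, ranked by how suspicious they are.

    Failed attempts are skipped: no token was issued, so nothing to steal.
    A device code sign-in from an untrusted address is the phishing pattern
    (the attacker's client redeems the code); one from inside the network to a
    sensitive resource is still worth a look, since the flow is rarely needed.
    """
    findings = []
    for e in entries:
        if e.get("authenticationProtocol") != "deviceCode":
            continue
        if e.get("status", {}).get("errorCode", 0) != 0:
            continue
        trusted = is_trusted_ip(e.get("ipAddress", ""), networks)
        sensitive = e.get("resourceDisplayName") in SENSITIVE_RESOURCES
        if not trusted:
            severity = "high"
        elif sensitive:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "time": e.get("createdDateTime"),
            "user": e.get("userPrincipalName"),
            "ip": e.get("ipAddress"),
            "app": e.get("appDisplayName"),
            "resource": e.get("resourceDisplayName"),
            "severity": severity,
        })
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))


if __name__ == "__main__":
    for f in find_device_code_signins(load_signins(SAMPLE_SIGNINS)):
        print(f"[{f['severity']}] {f['time']} {f['user']} from {f['ip']} "
              f"via {f['app']} -> {f['resource']}")
```

In production, feed the function the output of a sign-in log export (for example the Graph `auditLogs/signIns` endpoint or a Log Analytics query) and pair a high finding with a token revocation for the user, since MFA is already satisfied by the time the phished token is issued.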
Vulnerabilities in MLOps Platforms
Google Cloud Vertex AI is vulnerable to attacks involving phishing and privilege escalation. Attackers can extract gcloud access tokens and, using the compromised credentials, move laterally through an organization’s cloud infrastructure to reach sensitive machine learning assets.
To protect against these threats, security experts recommend several measures for each platform. For Azure Machine Learning, best practices include enabling multi-factor authentication (MFA), isolating networks, encrypting data, and enforcing role-based access control (RBAC). BigML users should apply MFA, rotate credentials frequently, and implement fine-grained access controls to restrict data exposure.
For Google Cloud Vertex AI, it is advised to follow the principle of least privilege, disable external IP addresses, enable detailed audit logs, and minimize service account permissions. As businesses increasingly rely on AI technologies, securing MLOps platforms against threats such as data theft, model extraction, and dataset poisoning becomes essential. Implementing proactive security configurations can strengthen defenses and safeguard sensitive AI assets from evolving cyber threats.
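Least privilege and minimal service account permissions are easy to state and hard to verify by eye, and the lateral movement described for Vertex AI usually runs through exactly the bindings an audit would catch. The following is an added example, not code from the article or from Google: it reads a project IAM policy in the shape produced by `gcloud projects get-iam-policy PROJECT --format=json`, flags basic roles on service accounts, project-wide impersonation rights granted to groups, and public principals, and emits the matching `gcloud projects remove-iam-policy-binding` commands. The policy, the project id `my-proj` and the service account names are constructed for the example.

```python
import json

# Constructed sample in the shape of
#   gcloud projects get-iam-policy my-proj --format=json
# The bindings and principals are made up for the example.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:admin@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:vertex-train@my-proj.iam.gserviceaccount.com",
                     "user:dave@example.com"]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["group:all-devs@example.com"]},
        {"role": "roles/aiplatform.user",
         "members": ["serviceAccount:vertex-predict@my-proj.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers"]},
    ],
    "etag": "BwXyz123=",
    "version": 1,
})

PROJECT = "my-proj"  # assumed project id for the remediation commands

# Basic roles grant far more than any Vertex AI workload needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Granted at project level, these let the holder act as or mint tokens for
# every service account in the project: the lateral movement path.
IMPERSONATION_ROLES = {"roles/iam.serviceAccountTokenCreator",
                       "roles/iam.serviceAccountUser",
                       "roles/iam.serviceAccountKeyAdmin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BROAD_PREFIXES = ("group:", "domain:")


def audit_policy(policy):
    """Return a list of findings, each naming the binding to fix and why."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append({"kind": "public-principal", "role": role,
                                 "member": member,
                                 "why": "public principal bound at project scope"})
            elif role in BASIC_ROLES and member.startswith("serviceAccount:"):
                findings.append({"kind": "basic-role-on-sa", "role": role,
                                 "member": member,
                                 "why": "service account holds a basic role; "
                                        "replace with a narrow role such as "
                                        "roles/aiplatform.user"})
            elif role in IMPERSONATION_ROLES and member.startswith(BROAD_PREFIXES):
                findings.append({"kind": "broad-impersonation", "role": role,
                                 "member": member,
                                 "why": "project-wide impersonation right on a "
                                        "group/domain; grant it per service "
                                        "account instead"})
    return findings


def remediation_commands(findings, project=PROJECT):
    """Real gcloud syntax; review each command before running it."""
    return [
        f"gcloud projects remove-iam-policy-binding {project} "
        f"--member={f['member']} --role={f['role']}"
        for f in findings
    ]


if __name__ == "__main__":
    found = audit_policy(json.loads(SAMPLE_POLICY))
    for f in found:
        print(f"[{f['kind']}] {f['member']} has {f['role']}: {f['why']}")
    print("\n".join(remediation_commands(found)))
```

The audit deliberately passes `roles/aiplatform.user` on the prediction service account: that is what a scoped grant looks like. Removing `roles/editor` from the training account will break the pipeline until an equivalent narrow grant (typically Vertex AI plus the specific buckets it reads) is in place, so run the generated commands only after that replacement binding exists.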
Rashan is a seasoned technology journalist and visionary leader serving as the Editor-in-Chief of DevX.com, a leading online publication focused on software development, programming languages, and emerging technologies. With his deep expertise in the tech industry and his passion for empowering developers, Rashan has transformed DevX.com into a vibrant hub of knowledge and innovation. Reach out to Rashan at [email protected]