
SAP AI Core vulnerabilities expose customer data


SAP, a leading provider of enterprise software, recently faced a significant cybersecurity challenge when researchers from cloud security firm Wiz uncovered vulnerabilities in its AI Core platform. These security flaws exposed sensitive customer data to potential cyber-attacks, raising concerns about the rush to adopt AI technologies without proper security measures. The vulnerabilities discovered by Wiz allowed attackers to access customers’ private artifacts and credentials in various cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and SAP HANA Cloud.

By exploiting these weaknesses, malicious actors could modify Docker images in SAP’s internal container registry and those hosted on Google Container Registry, potentially leading to supply chain attacks on SAP AI Core services. Hillai Ben-Sasson, a security researcher at Wiz, reported, “The vulnerabilities we found could have allowed attackers to access customers’ data and contaminate internal artifacts—spreading to related services and other customers’ environments.”

The flaws also enabled attackers to gain cluster administrator privileges on SAP AI Core’s Kubernetes cluster by exploiting the exposed Helm package manager server. With this level of access, attackers could directly access other customers’ Pods, steal sensitive data such as models, datasets, and code, and even interfere with customers’ Pods, tainting AI data and manipulating model inferences.

Wiz highlighted that these issues stem from the platform running potentially malicious AI models and training procedures without adequate isolation and sandboxing mechanisms. Ben-Sasson explained, “Recent security flaws in AI service providers like SAP AI Core emphasize significant vulnerability in tenant isolation and segmentation implementations.


Unlike veteran cloud providers with robust isolation techniques, these newer services often lack this knowledge and rely on containerization, which offers weaker security.”


The findings underscore the need for greater awareness of tenant isolation and for the AI service industry to harden its environments. Ben-Sasson warned, “People should be aware that AI models are essentially code. When running AI models on your own infrastructure, you could be exposed to potential supply chain attacks.

Only run trusted models from trusted sources and properly separate between external models and sensitive infrastructure. When using AI service providers, verifying their tenant-isolation architecture and ensuring they apply best practices is essential.”

SAP addressed and fixed these vulnerabilities after Wiz responsibly disclosed them on January 25, 2024. However, the incident has sparked a broader discussion about the implications of rapidly integrating AI technologies without adequately addressing security concerns.

As organizations increasingly adopt AI, it is crucial to prioritize robust security measures and collaborate closely with IT and InfoSec teams to mitigate potential risks. The SAP AI Core vulnerabilities serve as a reminder that the rush to deploy AI should not come at the expense of comprehensive security practices, and constant vigilance is necessary to protect sensitive data in the evolving landscape of AI and cloud security.

Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
