In 2024, cybersecurity researchers from Wiz uncovered serious vulnerabilities in SAP AI Core, a cloud-based platform for managing and deploying AI models. In environments where resources are shared among multiple users, these flaws present significant risks.
The Vulnerabilities
The SAP AI Core vulnerabilities allow attackers to carry out Remote Code Execution by uploading a compromised AI model, which would then execute harmful commands on the system. Another critical issue was the insufficient separation between user accounts, allowing attackers to breach one account and access data from others, a problem identified as Cross-Tenant Attacks. Additionally, attackers could manipulate containers sharing the same network space to intercept and alter traffic, leading to unauthorized data access.
How It Was Exploited
The attackers took advantage of these vulnerabilities by creating a malicious container. Once uploaded, this container granted them root access to control the system. They employed standard network tools to intercept traffic within the Kubernetes cluster, injecting malicious packets and manipulating data. Moreover, they accessed a shared Redis server, enabling them to tamper with data and disrupt AI predictions. These exploits highlighted the urgent need for stronger isolation and security measures in shared AI environments to prevent cross-tenant attacks and maintain data integrity.
In response, SAP acted swiftly to address the issues. They released security patches to fix the vulnerabilities, improved the isolation between different tenants’ environments to prevent cross-tenant attacks, and enhanced their monitoring tools to detect and prevent future exploits.
To avoid security breaches in the future, it is essential to keep systems up to date with the latest patches and to ensure robust separation in shared environments. Additionally, use advanced monitoring tools to detect unusual activity and potential breaches.
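One way to check for the isolation gaps described above (containers that can run as root, handle raw network traffic, or sit in a namespace with no ingress restriction in front of shared services) is to audit workload manifests before they are admitted. The following is an added example, not code from SAP or Wiz; the pod and policy objects are constructed samples, and the choice of Kubernetes fields to check is an assumption about what "robust separation" means in practice.

```python
# Added example: audit constructed, manifest-shaped dicts for weak tenant isolation.

def audit_pod(pod):
    """Flag settings that let a container run as root or handle raw packets."""
    spec, findings = pod["spec"], []
    if spec.get("hostNetwork"):
        findings.append("pod: hostNetwork enabled")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        sc, name = c.get("securityContext", {}), c["name"]
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))  # container overrides pod
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0 or (uid is None and not non_root):
            findings.append(f"{name}: may run as root")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged")
        caps = sc.get("capabilities", {})
        added = {x.upper() for x in caps.get("add", [])}
        dropped = {x.upper() for x in caps.get("drop", [])}
        if added & {"NET_ADMIN", "NET_RAW", "ALL"}:
            findings.append(f"{name}: adds network capability")
        elif not dropped & {"NET_RAW", "ALL"}:
            findings.append(f"{name}: NET_RAW not dropped")
    return findings

def namespaces_without_default_deny(namespaces, policies):
    """Namespaces with no NetworkPolicy that selects every pod and allows no ingress."""
    covered = set()
    for p in policies:
        s = p["spec"]
        if (s.get("podSelector") == {} and not s.get("ingress")
                and "Ingress" in s.get("policyTypes", ["Ingress"])):
            covered.add(p["metadata"]["namespace"])
    return sorted(set(namespaces) - covered)

PODS = [  # constructed sample input; names are hypothetical
    {"metadata": {"name": "train", "namespace": "tenant-a"},
     "spec": {"containers": [{"name": "model"}]}},
    {"metadata": {"name": "serve", "namespace": "tenant-b"},
     "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
              "containers": [{"name": "model", "securityContext": {
                  "capabilities": {"drop": ["ALL"]}}}]}},
]
POLICIES = [{"metadata": {"name": "default-deny", "namespace": "tenant-b"},
             "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}]

if __name__ == "__main__":
    print({p["metadata"]["name"]: audit_pod(p) for p in PODS})
    print(namespaces_without_default_deny(["tenant-a", "tenant-b"], POLICIES))
```

The first sample pod sets no security context, so it is flagged twice, and its namespace is reported as lacking a default-deny policy; the second pod passes both checks.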