In this post, the author recounts exploiting a critical vulnerability in PyTorch, a popular ML platform used by large companies such as Google and Boeing. They explain that their research led them to discover supply chain compromises and vulnerabilities in leading ML platforms and blockchains. The author then walks through the details of their attack on PyTorch: identifying the vulnerability, executing the attack, and exploiting secrets and repository releases. They also discuss the role of GitHub Actions and self-hosted runners in the attack. The post highlights the potential impact and seriousness of supply chain attacks in the AI/ML industry.
https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/