The Wiz Research Team examines the isolation issues affecting AI infrastructure providers in its latest project, on SAP AI Core. By executing arbitrary code, the team was able to breach internal artifacts, access cloud credentials, and take control of Kubernetes clusters, highlighting vulnerabilities in tenant isolation. Notable findings include accessing AWS secrets via Loki, accessing EFS shares without authentication, and compromising the K8s cluster with Google access tokens. The team emphasizes the need for improved isolation standards when running AI models to prevent similar attacks. All vulnerabilities reported to SAP were fixed promptly, demonstrating the importance of security protocols in cloud environments.
https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security