
Uncovering Vulnerabilities in SAP AI Core: The Transformation of AI Services into Crucial Assets for Organizations due to Data Influx.

Wiz, a cybersecurity research company, has released a report on its testing of SAP AI Core, a service for training artificial intelligence models on internal organizational data. The team was able to reach SAP's internal container registry and gain access to data belonging to other SAP customers.

SAP AI Core allows SAP customers to create Argo Workflows to run tasks. Although this feature lets customers run arbitrary tasks, the process rights are limited. However, enabling the shareProcessNamespace setting allowed the researchers to obtain the privileges of the Istio sidecar and reach the internal network of the SAP cluster. From there, the team discovered an unprotected Grafana Loki server that exposed an AWS access key with access to S3 data, which SAP says is not sensitive information.
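As an added defender-side illustration (not code from the Wiz report or from SAP), the check below flags rendered Pod manifests that enable shareProcessNamespace, the setting the report identifies as the step that put a tenant workload in the same PID namespace as the Istio sidecar. It assumes Istio's default sidecar container name, `istio-proxy`, and a constructed JSON sample of two Pods.

```python
"""Pre-admission check for Pods that opt into a shared PID namespace.
Added example, not part of the original article; the manifest sample is constructed."""
import json

ISTIO_SIDECAR = "istio-proxy"  # default name of the sidecar Istio injects (assumption)


def check_pod(pod: dict) -> list:
    """Return human-readable findings for one Pod manifest (empty list = clean)."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    if spec.get("shareProcessNamespace") is True:
        containers = [c.get("name", "?") for c in spec.get("containers", [])]
        msg = (f"{name}: shareProcessNamespace=true; containers "
               f"({', '.join(containers)}) share one PID namespace")
        if ISTIO_SIDECAR in containers:
            # The tenant workload now shares process visibility with the mesh sidecar,
            # which is what the report describes as the first escalation step.
            msg += "; includes Istio sidecar, tenant isolation boundary is weakened"
        findings.append(msg)
    return findings


def check_manifests(doc: str) -> list:
    """Scan a JSON document holding one Pod or a v1 List of Pods."""
    obj = json.loads(doc)
    items = obj.get("items", []) if obj.get("kind") == "List" else [obj]
    out = []
    for item in items:
        if item.get("kind") == "Pod":
            out.extend(check_pod(item))
    return out


# Constructed sample: one workload that enables the shared PID namespace next to
# an injected Istio sidecar, and one that keeps the default isolation.
SAMPLE = json.dumps({
    "kind": "List", "items": [
        {"kind": "Pod", "metadata": {"name": "train-job-1"},
         "spec": {"shareProcessNamespace": True,
                  "containers": [{"name": "main"}, {"name": "istio-proxy"}]}},
        {"kind": "Pod", "metadata": {"name": "train-job-2"},
         "spec": {"containers": [{"name": "main"}, {"name": "istio-proxy"}]}},
    ]})

if __name__ == "__main__":
    for finding in check_manifests(SAMPLE):
        print("DENY:", finding)
```

In a real cluster the same rule belongs in an admission policy so that a workflow controller cannot submit such a Pod at all.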

However, the crucial finding was an AWS Elastic File System (EFS) share that was not password-protected. Upon opening the files, a significant amount of customer data was found, along with an unsecured Helm server and Docker registry.

Wiz had previously tested multiple AI services for vulnerabilities, including HuggingFace and Replicate. This incident highlights the challenge of building a secure AI service: customers must be allowed to run their own code on a platform that holds vast amounts of input data. Building such platforms on Kubernetes is also complex, and platform builders frequently make mistakes when isolating customers from one another, so errors of this kind are common.

The research team reported these vulnerabilities to SAP beginning in January, and SAP promptly addressed them. Additional vulnerabilities were reported later. Once SAP had rectified all issues, the research findings were publicly disclosed today.

TLDR: Wiz’s report on testing the SAP AI Core service uncovered significant vulnerabilities, prompting swift action from SAP to address the issues and ensure data security.
