Recent cybersecurity research has revealed a significant number of security vulnerabilities affecting nearly two dozen open-source machine learning (ML) projects. The findings, reported by software supply chain security firm JFrog, highlight weaknesses present on both the server and client sides of these technologies.
The identified server-side vulnerabilities pose a serious risk, as they could enable attackers to seize control of critical servers within an organization—specifically, ML model registries, databases, and pipelines. This level of access can lead to severe data breaches and operational disruptions.
Among the numerous vulnerabilities are those found in prominent platforms such as Weave, ZenML, Deep Lake, Vanna.AI, and Mage AI. These security flaws have been categorized, revealing broader risks associated with the potential remote hijacking of model registries, database frameworks, and ML pipeline operations.
Notably, one critical vulnerability—CVE-2024-7340—is classified with a high CVSS score of 8.8. This directory traversal issue within the Weave ML toolkit allows low-privileged authenticated users to escalate their privileges to an admin role by reading sensitive files.
Additionally, ZenML has an improper access control vulnerability that enables a user with managed server access to upgrade their privileges to full admin rights, granting them the ability to manipulate critical components such as the Secret Store. Other significant vulnerabilities include command injection flaws in Deep Lake and prompt injection vulnerabilities in Vanna.AI, which could lead to remote code execution on host systems.
The Mage AI framework is also affected, with multiple vulnerabilities allowing guest users the capability to execute arbitrary code remotely, owing to improper privilege assignments that remain active post-user deletion. These findings emphasize the critical need for robust security measures in MLOps environments.
JFrog warns that given the extensive access MLOps pipelines have to vital ML datasets and operations, exploiting these vulnerabilities could culminate in profoundly damaging breaches. Each of these attacks detailed in the analysis underscores the potential for exploitation based on the specific access levels these MLOps frameworks provide.
This report comes shortly after JFrog had previously identified over 20 vulnerabilities that could be utilized against MLOps platforms, underlining the pressing cybersecurity challenges in this evolving field.
Accompanying these findings is a new defensive framework named Mantis, designed to counter cyber threats through nuanced prompt injections that disrupt attackers’ automated systems. This innovative approach, developed by researchers at George Mason University, aims to safeguard ML systems by leveraging the vulnerabilities exposed in adversary tactics.
As the MLOps landscape continues to evolve, business owners must prioritize understanding these vulnerabilities, their associated risks, and potential defense mechanisms to mitigate the impact of future cyber threats. By leveraging frameworks such as the MITRE ATT&CK Matrix, organizations can better grasp the tactics and strategies employed by potential adversaries, thus improving their overall security posture against emerging threats.
