SAP security holes raise questions about the rush to AI
- by nlqip
“As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant. The AI training process requires access to vast amounts of sensitive customer data, which turns AI training services into attractive targets for attackers. SAP AI Core offers integrations with S/4HANA and other cloud services, to access customers’ internal data via cloud access keys. These credentials are highly sensitive.”
Alarming holes
Given how widely deployed SAP systems are within enterprises, and how integrated SAP is with so many other enterprise-level applications and cloud environments, Wiz said the holes were especially alarming.
“By executing arbitrary code, we were able move laterally and take over the service – gaining access to customers’ private files, along with credentials to customers’ cloud environments: AWS, Azure, SAP S/4HANA Cloud, and more,” the report said. “The vulnerabilities we found could have allowed attackers to access customers’ data and contaminate internal artifacts – spreading to related services and other customers’ environments.”
Source link
lol
“As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant. The AI training process requires access to vast amounts of sensitive customer data, which turns AI training services into attractive targets for attackers. SAP AI Core offers integrations with S/4HANA and other…
Recent Posts
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
- Five Companies That Came To Win This Week
- The 10 Hottest Semiconductor Startups Of 2024
- Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps