Secure AI Summit 2024 (Powered by Cloud Native)

The Oligo Security team recently identified ShellTorch, a chain of 4 vulnerabilities that allow a full chain of Remote Code Execution (RCE), with a new CVE-2023-43654 having a CVSS score of 9.8, and found tens of thousands of vulnerable instances publicly exposed in Torchserve, which is part of the PyTorch ecosystem (one of the most widely adopted OSS frameworks for AI in the world), open to unauthorized access and insertion of malicious AI models.   In this talk, we’ll dive into the research team’s identification of the TorchServe vulnerabilities enabling a total takeover of impacted systems.  With the growing popularity of AI and LLMs, securing these applications and their tooling stacks is becoming increasingly important.  Come to this session to unpack this newly discovered high-severity exploit from the researchers themselves, which enables the viewing, modifying, stealing, and deleting of AI models and sensitive data on a targeted TorchServe server, with a live demo of its reproduction, and steps you can take immediately to mitigate the risk.