Particle.news
Download on the App Store
3 ARTICLES
·
last yr.

Massive Attack on Ray AI Framework Compromises Thousands of Servers

The ongoing campaign exploits a disputed vulnerability, affecting major companies and prompting criticism of the framework's security measures.

Image
Image
Image

Overview

  • Thousands of servers have been hacked in an ongoing attack targeting the Ray AI framework, affecting companies like OpenAI, Uber, and Amazon.
  • The attack exploits a reported vulnerability in Ray, allowing attackers to tamper with AI models, steal network credentials, and install cryptocurrency miners.
  • Security firm Oligo discovered the attacks, which have been active for at least seven months, compromising sensitive information including AI workloads and network credentials.
  • Anyscale, the developer of Ray, disputes the vulnerability, emphasizing the importance of securing Ray clusters from untrusted access.
  • Critics argue that Anyscale's response and the lack of immediate action on the vulnerability have left many security tools unable to flag the ongoing attacks.