
What Have They Done? Popular AI Framework Deployed Without a Single Security Consideration

submitted by
Style Pass
2024-03-29 02:00:05

A recent article by Avi Lumelsky, Guy Kaplan, and Gal Elbaz at Oligo describes how the Ray AI framework is currently being exploited in the wild, and has been since November 2023.

This is the first exploit of its kind, and it's completely predictable given that the project maintainer, Anyscale, has knowingly chosen not to implement a single security feature. Their official security posture is, “Ray expects to run in a safe network environment and to act upon trusted code.”

The “Best Practices” guide describes how this security model, or lack thereof, relies entirely on being inaccessible to threat actors.

In 2024 this security posture is outdated, ineffective, and downright negligent. This posture has no place in modern software architecture, especially in an AI framework with widespread adoption.

Zero Trust Architecture (ZTA) is a cybersecurity model that is the antithesis of this wide-open security posture. ZTA has been around for decades and has widespread adoption industry-wide, per the 2023 State of Zero Trust Report by Okta.
