AI-as-a-Service vulnerable to PrivEsc and cross-tenant attacks

I’ve read about many many many vulnerabilities of AI models on Hugging face, but this…this is something else!



Soyftware as a service…
:clown_face: :earth_africa:


Yeah…but to be fair, it just proves exactly the same thing could happen locally as well; it’s a model vulnerability…

I guess regardless of what AI a user wants to use (best is none :rofl:), it’s a great idea to run it only inside a Whonix VM.


I see two ways out of it: a really free LLM/GPT by someone really trustworthy (FSF???) or strictly local models, but those will not be “Large” as in LLM… Difficult situation, because everybody and his dog is using it, whether it is a good idea or not…

You can use LLMs strictly locally, but they can still be infected.

For example:
LM Studio

Everything can be infected. But running it locally would give you at least a hint of control over it, enough to isolate or protect it, that is.

See the article and the video inside it; you’ll quickly change your mind. :rofl:
Through an infected model you can get freaking root access to a system, be it local or…their own server :rofl:

I know how the LLM is being infected. But if you have control over it and no outside user, then there is no threat vector available for this; that’s my whole point.

I mean…only if you train your own model, because right now there’s not really a reliable way to check pre-trained models’ security, as far as I know.
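One partial check a practitioner can run before loading a downloaded checkpoint, added here as an example that is not part of this thread or of the linked article: many pre-trained model files are Python pickle streams, and a pickle can ask the loader to import and call any function (this is the mechanism behind “load the model, get code execution”). The script below disassembles the stream with `pickletools.genops` without ever unpickling it and lists the imports it would perform. The three sample blobs are constructed inline (two booby-trapped, one harmless) and the `SAFE_GLOBALS` allowlist is an assumption for illustration, not a vetted list for any real framework.

```python
import io
import pickle
import pickletools
import subprocess

# Constructed sample "model" files. None of them is ever unpickled here.
# 1) Protocol-0 stream written by hand: GLOBAL os.system, then REDUCE with
#    the argument tuple ("id",), i.e. os.system("id") would run on pickle.load().
MALICIOUS_P0 = b"cos\nsystem\n(S'id'\ntR."


class _Payload:
    """Helper used only to build the protocol-4 sample; __reduce__ makes the
    pickler serialise 'call subprocess.check_output(["id"])' on load."""

    def __reduce__(self):
        return (subprocess.check_output, (["id"],))


# 2) Protocol-4 stream: same idea, but the import is expressed as two string
#    pushes followed by STACK_GLOBAL instead of a single GLOBAL opcode.
MALICIOUS_P4 = pickle.dumps(_Payload(), protocol=4)

# 3) A harmless checkpoint-like dict of plain numbers and lists.
BENIGN = pickle.dumps({"layer0.weight": [0.1, -0.2], "layer0.bias": [0.0]}, protocol=4)

# Imports a plain checkpoint may legitimately need. This allowlist is an
# assumption for illustration; a real one must be derived from the framework
# that wrote the file and contain nothing more.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string onto the pickle stack (STACK_GLOBAL consumes them).
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(blob: bytes) -> list:
    """Return every (module, name) the stream would import, in stream order.

    pickletools.genops only disassembles: nothing is imported or executed,
    so this is safe to run on an untrusted file.
    """
    found = []
    strings = []  # string pushes seen so far; STACK_GLOBAL takes the last two
    for op, arg, _pos in pickletools.genops(io.BytesIO(blob)):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # arg is "module name"
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # pops the two most recent strings: module first, then name
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


def unsafe_imports(blob: bytes, allowlist=frozenset(SAFE_GLOBALS)) -> list:
    """Globals the stream imports that are not on the allowlist (sorted, unique)."""
    return sorted(set(referenced_globals(blob)) - set(allowlist))


def is_safe_to_load(blob: bytes, allowlist=frozenset(SAFE_GLOBALS)) -> bool:
    """True only when every import in the stream is explicitly allowlisted."""
    return not unsafe_imports(blob, allowlist)


if __name__ == "__main__":
    for label, blob in (("protocol-0 payload", MALICIOUS_P0),
                        ("protocol-4 payload", MALICIOUS_P4),
                        ("benign checkpoint", BENIGN)):
        verdict = "OK" if is_safe_to_load(blob) else "REJECT"
        print(f"{label:20s} {verdict:7s} imports={unsafe_imports(blob)}")
```

The check is deliberately an allowlist, not a blocklist: a file is loadable only if every import it requests is one the framework is known to need. It is still only a static opcode scan, so it says nothing about what the weights themselves do once loaded, and it does not apply to formats that carry no code at all (weights-only formats such as safetensors avoid this class of problem by design).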

Yupp, that is the “Difficulty” here - as in borderline impossible, hence the suggestion with the FSF (or something similar trustworthy). But I got no better ideas, and people will use it…

My vote is not to run it at all.

Incredibly glad I don’t have to deal with the OS force-feeding of the latest Microsoft fad: AI via CoPilot. Before this, it was 3D everything, Creators Edition, 3D viewers; all got dumped once they realised no one was interested and it wasn’t even remotely aligned to what their customers really wanted.

Intelligent tools have their places, and libraries like Mycroft are a great example, but anything cloud-linked to a major corp is just a method by which to syphon off metadata for sale.