Open-Source AI Model Sharing Platform Replicate Has Major Vulnerability

TapTechNews May 28th news, security company Wiz recently released a report, claiming that the open-source AI model sharing platform Replicate has a major vulnerability, through which hackers can conduct "cross-tenant attacks" (TapTechNews note: that is, using the security vulnerabilities existing in a multi-tenant environment to access/interfere with the data resources of other tenants), resulting in the leakage of internal confidential data of the AI models trained by platform users.

The security company claims that the main reason for the "cross-tenant attack" vulnerability on the Replicate platform is the model containerization format Cog launched by the platform to improve the efficiency of AI model inferences. Although the relevant format can significantly improve the model and efficiency, the Replicate platform ignores the security isolation mechanism in the Cog format.

TapTechNews learned that hackers can package the trained malicious model into a Cog container and interact with the container through the user interface of Replicate, and finally successfully conducted a series of remote execution code (RCE) attack tests and obtained the root permission of the container.

After that, the researchers also further investigated the infrastructure of the Replicate platform, successfully accessed another container through the TCP connection of the current container, and successfully injected specific data into the TCP connection through the tool called rshijack, thereby bypassing the platform's identity verification steps and successfully accessing other users' AI models.

The researchers pointed out that hackers can easily obtain other users' self-used AI models through relevant vulnerabilities, can freely extract user privacy data from the relevant model question-and-answer records, and can also freely download/modify the content of the user model, which poses a serious threat to the platform.

TapTechNews noticed that the Replicate platform has quickly repaired the relevant漏洞 after receiving the notification from Wiz and said that currently no signs of outflow of user AI models have been detected.