
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains


By Lucian Constantin

Developers have been increasingly targeted by attackers in recent years with fake software packages on open-source component repositories — a supply chain attack technique that has now expanded to include rogue AI frameworks and poisoned machine learning (ML) models as enterprises rush to build AI applications.

In one recent attack, hackers uploaded packages to the Python Package Index (PyPI) — the public repository for open-source Python components — that masqueraded as software development kits (SDKs) for interacting with services from Alibaba Cloud’s AI Labs, also known as Aliyun AI Labs.

The three malicious packages, found by researchers from security firm ReversingLabs, had no legitimate functionality, instead exfiltrating information from environments to attacker-controlled servers through code hidden inside malicious ML model files stored in Pickle format.
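Because a Pickle file is a program for a stack machine rather than inert data, loading one with `pickle.load()` executes whatever imports and calls it contains. The defensive check below is an added illustration, not code from the article or from ReversingLabs: it walks the opcode stream with `pickletools.genops` and reports every global the file would import, without ever unpickling it. The `SAFE_MODULES` allowlist and the sample pickles are constructed for the example.

```python
import pickle
import pickletools

# Assumed allowlist: modules a legitimate model file is expected to import from.
# Tune this to the framework actually in use; anything else is reported.
SAFE_MODULES = {"collections", "numpy", "numpy.core.multiarray", "torch", "torch._utils"}

# Opcodes that push a str onto the stack; STACK_GLOBAL (protocol 4+) consumes
# the two most recent ones as (module, name).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def scan_pickle(data: bytes) -> list[str]:
    """Return 'module.name' for every global outside SAFE_MODULES.

    The pickle is never loaded; only its opcode stream is inspected, so the
    scan is safe to run on untrusted model files. An empty list means no
    unexpected imports were found (it does not prove the file is benign).
    """
    findings = []
    recent_strings = []  # last strings pushed, for STACK_GLOBAL resolution
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name == "GLOBAL":            # protocol 0-3: "module name"
                module, name = arg.split(" ", 1)
            elif op.name == "STACK_GLOBAL":    # protocol 4+: two strings on the stack
                if len(recent_strings) < 2:
                    findings.append("<malformed STACK_GLOBAL>")
                    continue
                module, name = recent_strings[-2], recent_strings[-1]
            else:
                if op.name in STRING_OPS:
                    recent_strings.append(arg)
                continue
            if module not in SAFE_MODULES:
                findings.append(f"{module}.{name}")
    except ValueError as exc:                  # truncated or corrupt stream
        findings.append(f"<malformed pickle: {exc}>")
    return findings


# Constructed samples. The benign one carries only plain data; the other two
# reference os.system without calling it (no REDUCE opcode), which is enough
# for the scanner to flag the import in both protocol 0 and protocol 4 form.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "layers": 3}, protocol=4)
SUSPICIOUS_P0 = b"cos\nsystem\n."
SUSPICIOUS_P4 = b"\x80\x04\x8c\x02os\x94\x8c\x06system\x94\x93\x94."
```

Run the scanner over each model file before it is ever passed to a loader; a non-empty result is a reason to quarantine the artifact and review where it came from.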

Read more at CSO Online
