Strategic event
Wiz Talk: Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities
Title:
Breaking Out of The AI Cage: Pwning AI Providers with NVIDIA Vulnerabilities
Abstract:
The overwhelming majority of AI applications run on NVIDIA hardware and software and use NVIDIA tools to containerize and isolate applications running on the same infrastructure. A vulnerability in this single point of failure could allow the breakdown of security mechanisms and takeover of the AI infrastructure.
In this research project, we managed to prove this scenario is indeed possible. We found a critical vulnerability in one of the foundational software components that powers all the world's AI managed infrastructure: the NVIDIA Container Toolkit. This vulnerability allows an attacker to escape from the container to the underlying host and often compromise the entire Kubernetes cluster.
We tested this vulnerability on all major AI platforms, all of which proved to be susceptible to this attack. In some cases, the container escape was sufficient to prove unauthorized cross-tenant data access, including credentials and customer data, breaching the platform's foundational security model. We'll take a deep dive into two case studies with completely different results: Replicate and DigitalOcean.
In this talk, we will dive into our findings, starting from the discovery of the vulnerability itself, through its real-world exploitation on AI cloud services, and finishing with the details of industry-wide impact. Attendees will learn how major cloud services operate their security behind the scenes and the lessons they can apply to their own environment.