×
Wiz Research Uncovers Critical Flaws in SAP AI, Risking Customer Data and Cloud Security
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

Wiz Research uncovers critical vulnerabilities in SAP AI Core, potentially exposing customer data and cloud environments to malicious actors. The research reveals that executing arbitrary code through AI training procedures allowed lateral movement and service takeover, granting access to sensitive customer files and cloud credentials.

Key findings: Wiz researchers gained privileged access to SAP AI Core’s internal assets by exploiting vulnerabilities, enabling them to:

  • Read and modify Docker images on SAP’s internal container registry and Google Container Registry
  • Access and modify artifacts on SAP’s internal Artifactory server
  • Obtain cluster administrator privileges on SAP AI Core’s Kubernetes cluster
  • Retrieve customers’ cloud credentials and private AI artifacts

Vulnerability chain: The attack began by bypassing network restrictions enforced by an Istio proxy sidecar. This provided access to several internal services that lacked additional authentication:

  • Grafana Loki leaked AWS secrets used to access S3 buckets containing customer logs
  • Unauthenticated EFS shares exposed vast amounts of customer AI data
  • An unauthenticated Helm server allowed compromising SAP’s internal Docker registry, Artifactory, and the Kubernetes cluster

Broader implications: The research highlights the unique challenges of securing AI services, where executing arbitrary code is part of the standard training process. It demonstrates the importance of defense-in-depth and the pitfalls of perceiving internal networks as inherently trusted. Appropriate guardrails must be implemented to properly isolate untrusted AI workloads from internal assets and other tenants.

SAP addressed all reported vulnerabilities in cooperation with Wiz Research. The disclosure process spanned from January to July 2024.

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Recent News

Tech’s biggest winners and losers of 2024

Major tech companies emerged from 2024 with vastly different outcomes as AI integration and market volatility created clear winners and losers in revenue and user adoption.

How to achieve AI transformation that results in business success

Organizations are leveraging their existing technology investments to build AI capabilities, rather than embarking on entirely new digital transformations.

San Rafael schools to create AI advisory panel

Bay Area educators aim to create balanced AI guidelines by gathering input from teachers, parents and students through a new district-wide committee.