×
Wiz Research Uncovers Critical Flaws in SAP AI, Risking Customer Data and Cloud Security
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

Wiz Research uncovers critical vulnerabilities in SAP AI Core, potentially exposing customer data and cloud environments to malicious actors. The research reveals that executing arbitrary code through AI training procedures allowed lateral movement and service takeover, granting access to sensitive customer files and cloud credentials.

Key findings: Wiz researchers gained privileged access to SAP AI Core’s internal assets by exploiting vulnerabilities, enabling them to:

  • Read and modify Docker images on SAP’s internal container registry and Google Container Registry
  • Access and modify artifacts on SAP’s internal Artifactory server
  • Obtain cluster administrator privileges on SAP AI Core’s Kubernetes cluster
  • Retrieve customers’ cloud credentials and private AI artifacts

Vulnerability chain: The attack began by bypassing network restrictions enforced by an Istio proxy sidecar. This provided access to several internal services that lacked additional authentication:

  • Grafana Loki leaked AWS secrets used to access S3 buckets containing customer logs
  • Unauthenticated EFS shares exposed vast amounts of customer AI data
  • An unauthenticated Helm server allowed compromising SAP’s internal Docker registry, Artifactory, and the Kubernetes cluster

Broader implications: The research highlights the unique challenges of securing AI services, where executing arbitrary code is part of the standard training process. It demonstrates the importance of defense-in-depth and the pitfalls of perceiving internal networks as inherently trusted. Appropriate guardrails must be implemented to properly isolate untrusted AI workloads from internal assets and other tenants.

SAP addressed all reported vulnerabilities in cooperation with Wiz Research. The disclosure process spanned from January to July 2024.

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Recent News

AI builds architecture solutions from concept to construction

AI tools are giving architects intelligent collaborators that propose design solutions, handle technical tasks, and identify optimal materials while preserving human creative direction.

Push, pull, sniff: AI perception research advances beyond sight to touch and smell

AI systems struggle to understand sensory experiences like touch and smell because they lack physical bodies, though multimodal training is showing promise in bridging this comprehension gap.

Vibe coding shifts power dynamics in Silicon Valley

AI assistants now write most of the code for tech startups, shifting value from technical skills to creative vision and idea generation.