×
Wiz Research Uncovers Critical Flaws in SAP AI, Risking Customer Data and Cloud Security
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

Wiz Research uncovers critical vulnerabilities in SAP AI Core, potentially exposing customer data and cloud environments to malicious actors. The research reveals that executing arbitrary code through AI training procedures allowed lateral movement and service takeover, granting access to sensitive customer files and cloud credentials.

Key findings: Wiz researchers gained privileged access to SAP AI Core’s internal assets by exploiting vulnerabilities, enabling them to:

  • Read and modify Docker images on SAP’s internal container registry and Google Container Registry
  • Access and modify artifacts on SAP’s internal Artifactory server
  • Obtain cluster administrator privileges on SAP AI Core’s Kubernetes cluster
  • Retrieve customers’ cloud credentials and private AI artifacts

Vulnerability chain: The attack began by bypassing network restrictions enforced by an Istio proxy sidecar. This provided access to several internal services that lacked additional authentication:

  • Grafana Loki leaked AWS secrets used to access S3 buckets containing customer logs
  • Unauthenticated EFS shares exposed vast amounts of customer AI data
  • An unauthenticated Helm server allowed compromising SAP’s internal Docker registry, Artifactory, and the Kubernetes cluster

Broader implications: The research highlights the unique challenges of securing AI services, where executing arbitrary code is part of the standard training process. It demonstrates the importance of defense-in-depth and the pitfalls of perceiving internal networks as inherently trusted. Appropriate guardrails must be implemented to properly isolate untrusted AI workloads from internal assets and other tenants.

SAP addressed all reported vulnerabilities in cooperation with Wiz Research. The disclosure process spanned from January to July 2024.

SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts

Recent News

Nvidia’s new AI agents can search and summarize huge quantities of visual data

NVIDIA's new AI Blueprint combines computer vision and generative AI to enable efficient analysis of video and image content, with potential applications across industries and smart city initiatives.

How Boulder schools balance AI innovation with student data protection

Colorado school districts embrace AI in classrooms, focusing on ethical use and data privacy while preparing students for a tech-driven future.

Microsoft Copilot Vision nears launch — here’s what we know right now

Microsoft's new AI feature can analyze on-screen content, offering contextual assistance without the need for additional searches or explanations.