Threat actors could have leveraged several tenant isolation flaws in SAP's AI Core service to compromise data belonging to other tenants within the same SAP cloud infrastructure, reports SC Media.
Wiz researchers, who identified and reported the vulnerabilities, disclosed that they were able to infiltrate the internal SAP network by leveraging unblocked configurations to evade the open-source service mesh Istio and eventually enable AI training procedure execution. Further examination of the accessed SAP network revealed access to several Amazon Web Services Elastic File System instances, as well as unauthenticated Helm server that could be exploited for total Kubernetes cluster hijacking.
The report, which follows the discovery of improper tenant isolation in the Replicate and Hugging Face AI services, "demonstrates the unique challenges that the AI R&D process introduces.
AI training requires running arbitrary code by definition; therefore, appropriate guardrails should be in place to assure that untrusted code is properly separated from internal assets and other tenants," said researchers.
