AI, Machine Learning New Battleground for API Exploits
New Wallarm report uncovers rapid acceleration in API vulnerabilities in new AI-related devevelopment and infrastructure products.
Note: TDWI's editors carefully choose vendor-issued press releases about new or interesting research and services. We have edited and/or condensed this release to highlight key study results or service features but make no claims as to the accuracy of the vendor's statements.
Wallarm, an end-to-end API and app security company, has released its Q1 API ThreatStats 2024 Report. The quarterly report reveals a significant uptick in sophisticated cyber threats targeting APIs of AI infrastructure products, including NVIDIA’s Triton Inference Server, ZenML, and Hail. It also underscores notable API breaches among the world’s largest companies and the growing importance of advanced, proactive cybersecurity measures to defend against rapidly evolving attacks.
The new report highlights the rising concern surrounding API attacks related to the new AI dev stack, especially as more organizations implement AI/LLM-driven features. As more AI products and tools rely on APIs, they are becoming increasingly vulnerable to new and potentially critical API security risks -- a development that catches many off guard as organizations believe they need to start focusing on emerging LLM threats such as prompt injection.
For instance, ZenML -- a platform used by thousands of top-tier companies for standardizing MLOps workflows -- faced a critical API vulnerability, giving attackers unauthorized access to ZenML accounts. Additionally, NVIDIA’s Triton Inference Server (which standardizes AI model deployment and execution across diverse workloads) experienced an API vulnerability that allows unauthorized path traversal, potentially leading to consequences such as code execution and data tampering.
Another focal point of this quarter's report is the high-profile API attacks on widely used enterprise vendors. In fact, 43% of API threats discovered in Q1 were tied to popular enterprise applications. These threats continue to drive significant breaches at major companies, in some cases exposing millions of confidential records, some of which go undetected until the damage is done.
DevOps and DevTools are another route for attackers. API vulnerabilities span commonly used DevOps tools, with DevOps tools and development frameworks contributing a combined 42.6% to the vulnerability spectrum, according to the report.
API Leaks Still Key Threats
Mercedes-Benz experienced a major API leak -- which started in September 2023 but was only discovered in January 2024 -- when an employee’s GitHub token was exposed. This potentially gave unauthorized parties access to the automotive giant's GitHub Enterprise account and exposed source code, database and cloud providers keys, and internal documents. With access to this source code, attackers could potentially conduct a detailed analysis to identify security vulnerabilities.
“AI products’ growing reliance on APIs is both a strength and a vulnerability. The speed at which these technologies are being deployed far outpaces the readiness of current security measures designed to protect them, leaving them vulnerable to significant risks. The report shows that even enterprise vendors trusted by the world’s top companies aren’t safe,” said Ivan Novikov, CEO of Wallarm. “The latest ThreatStats report highlights the urgency of addressing these security challenges and provides a road map for CISOs to navigate the complexities of AI-driven environments.”
The escalation of API and AI-related vulnerabilities stresses the need for all industries to be fully aware of such risks and implement comprehensive security measures to protect against evolving and sophisticated threats. For a balanced and effective security posture, the report recommends organizations elevate API and AI security to a boardroom priority (communicating the business impact of API vulnerabilities) and invest in integrated API security solutions that provide API discovery, API leak management and real-time mitigation of critical threats.
To view the full Q1 API ThreatStats2024 Report, please visit https://www.wallarm.com/resources/api-threatstats-tm-report-q1-2024 (short registration required).