From MLOps to MLOops – Exposing the Attack Surface of Machine Learning Platforms
Following the widespread adoption of AI, ML and LLMs, organizations need to support MLOps workflows. The easiest way to streamline these processes is to deploy an open-source ML platform in the organization, such as MLflow, Kubeflow or Metaflow, which supports actions such as model building, training, evaluation, sharing, publishing and more.
Our talk will explain how MLOps platforms can become a gold mine for attackers seeking to penetrate the organization and move laterally within it – we will present an analysis of the six most popular OSS MLOps platforms, showing how each MLOps feature can be directly mapped to a real-world attack. We will demonstrate how server-side and client-side CVEs we discovered in multiple platforms can be used to infect both the MLOps platform servers and their clients (data scientists and MLOps CI/CD machines).
Most importantly – we will illustrate how the inherent vulnerabilities in the formats used by these MLOps platforms can be abused to infect an entire organization, even when the platforms are fully patched!
The talk will provide insights both for red teams and blue teams – attendees will gain knowledge on how to better deploy an MLOps platform in the organization, how to brief users of these platforms and how each feature of these platforms can be attacked.
By:
Shachar Menashe | Sr. Director Security Research, JFrog
Full Abstract and Presentation Materials Available:
https://www.blackhat.com/us-24/briefings/schedule/#from-mlops-to-mloops—exposing-the-attack-surface-of-machine-learning-platforms-39309