Lambda Layers Code Execution Flaw Leads To Supply Chain On AI/ML Applications
Posted: Tue Dec 24, 2024 3:41 pm
A new supply-chain vulnerability has been identified in the Lambda Layers of third-party TensorFlow-based Keras models. This vulnerability could allow threat actors to inject arbitrary code into any AI/ML application.
Any Lambda Layers that were built before version Keras 2.13 are susceptible to a supply chain attack.
A threat actor can create and distribute a trojanized popular model among AI/ML developers.
https://cybersecuritynews.com/lambda-la ... ain-ai-ml/
Any Lambda Layers that were built before version Keras 2.13 are susceptible to a supply chain attack.
A threat actor can create and distribute a trojanized popular model among AI/ML developers.
https://cybersecuritynews.com/lambda-la ... ain-ai-ml/