There’s been a significant uptick in sophisticated cyber threats targeting APIs of AI infrastructure products including Nvidia’s Triton Inference Server, ZenML and Hail.
This is among the findings from Wallarm’s Q1 API ThreatStats 2024 Report, which also underscores notable API breaches among the world’s largest companies as well as the growing importance of advanced, proactive cybersecurity measures to defend against rapidly evolving attacks.
The new report highlights the rising concern surrounding API attacks related to the new AI dev stack, especially as more organizations implement AI/LLM-driven features.
As more AI products and tools rely on APIs, they are becoming increasingly vulnerable to new and potentially critical API security risks – a development that catches many off guard as organizations believe they need to start focusing on emerging LLM threats like prompt injection.
For instance, ZenML — a platform used by thousands of companies for standardising MLOps workflows — faced a critical API vulnerability, giving attackers unauthorized access to ZenML accounts.
And Nvidia’s Triton Inference Server — which standardises AI model deployment and execution across diverse workloads – experienced an API vulnerability that allows unauthorised path traversal, potentially leading to consequences like code execution and data tampering.
Another focal point of this quarter’s report is the high-profile API attacks on widely-used enterprise vendors. In fact, 43% of API threats discovered in Q1 were tied to popular enterprise applications. These threats continue to drive significant breaches at major companies, in some cases exposing millions of confidential records, some of which go undetected until the damage is done.
DevOps and DevTools are another route for attackers. API vulnerabilities span commonly used DevOps tools, with DevOps tools and development frameworks contributing a combined 42.6% to the vulnerability spectrum, according to the report.
For instance, Mercedes-Benz experienced a major API leak, which started in September 2023 but was only discovered in January 2024, when an employee’s GitHub token was exposed. This potentially gave unauthorised parties access to the automotive giant’s GitHub Enterprise account and exposed source code, database and cloud providers keys, and internal docs. With access to this source code, attackers could potentially conduct a detailed analysis to identify security vulnerabilities.
“AI products’ growing reliance on APIs is both a strength and a vulnerability,” says Ivan Novikov, CEO of Wallarm. “The speed at which these technologies are being deployed far outpaces the readiness of current security measures designed to protect them, leaving them vulnerable to significant risks.
“And the report shows that even enterprise vendors trusted by the world’s top companies aren’t safe.
“The latest ThreatStats report highlights the urgency of addressing these security challenges and provides a roadmap for CISOs to navigate the complexities of AI-driven environments,” he adds. “It also emphasises the need for a partner like Wallarm that provides proactive cybersecurity measures as a defense to rapidly evolving threats.”
The escalation of API and AI-related vulnerabilities stresses the need for all industries to be fully aware of such risks and implement comprehensive security measures to protect against evolving and sophisticated threats.
For a balanced and effective security posture, the report recommends organisations do the following: elevate API and AI security to a boardroom priority, communicating the business impact of API vulnerabilities; and invest in integrated API security solutions that provide API discovery, API leak management and real-time mitigation of critical threats.