
Cybersecurity researchers are warning that a group of hackers may have breached hundreds of companies by targeting open-source software used to scale AI models.
The reported cyberattacks exploited software called Ray, leaving at least three “very well-known, large organizations” and dozens of smaller ones as victims of the potential attacks.
Researchers with the Israeli cyber startup Oligo Security, which discovered the attacks, shared with Forbes that this is believed to be the first example of cyberattacks exploiting artificial intelligence computing vulnerabilities found in the wild.
The hackers reportedly used the vulnerabilities to install cryptocurrency miners on exposed servers, which diverted the processing power used to train AI to churn out digital coins instead, Oligo Security shared.
Oligo also says the hackers used vulnerable servers that leaked access “tokens,” which could be used by a cyberattacker to breach various AI and business applications, including OpenAI and Slack.
In a statement to Forbes, Slack spokesperson Dolleen Cross said it was “an unfortunate incident, and we feel for any customers that were impacted.”
The researchers did not share in their findings which specific organizations had been victims of the cyberattacks, but they told the media outlet that the three largest are household names and may have had “thousands of compromised machines.”
“This is an active campaign right now,” Oligo cofounder and chief technology officer Gal Elbaz told Forbes. “They’re attacking that infrastructure of AI. They’re leveraging it to make a lot of money.”