October 10, 2024
By Eoin Wickens, Kasimir Schulz, Tom Bonner
June 20, 2024
By Travis Smith
December 17, 2024
By Samantha Pearcy
March 20, 2024
By Samantha Pearcy
December 11, 2024
Introduction A major supply chain attack affecting the widely used Ultralytics Python package occurred between December 4th and December 7th. The attacker initially compromised the GitHub actions workflow to bundle malicious code directly into four project releases on PyPi and Github, deploying an XMRig crypto miner to victim machines. The malicious packages were available to […]
December 5, 2024
Summary Honeypots are decoy systems designed to attract attackers and provide valuable insights into their tactics in a controlled environment. By observing adversarial behavior, organizations can enhance their understanding of emerging threats. In this blog, we share findings from a honeypot mimicking an exposed ClearML server. Our observations indicate that an external actor intentionally targeted […]
In this webinar, hear from industry experts on attacking artificial intelligence systems. Join Chloé Messdaghi, Travis Smith, Christina Liaghati, and John Dwyer as they discuss the core concepts of AI Red Teaming, why organizations should be doing this, and how you can get started with your own red teaming activities. Whether you’re new to security for AI or an experienced legend, this introduction provides insights into the cutting-edge techniques reshaping the security landscape.
CyberBytes: The Podcast
“Chris Sestito, CEO and Co-founder of AI security vendor, HiddenLayer, joined Oliver Legg for a re-run following our episode at last year’s BlackHat. Why? Because HiddenLayer have gone from strength to strength. Winning the 2023 RSA Sandbox, a major Microsoft announcement and being named the ML Security Leader by CB Insights have all aided with CISO’s permission to buy and helped land major enterprise wins this past year.
Tito and Olly discussed:
• Life after winning the 2023 RSA Sandbox and what that achievement really means
• How they’ve managed to keep a highly diverse team whilst surpassing the 100 employee count
• How, despite the major wins and headlines, it’s never all plain sailing
Being able to dive into a founder’s journey twice through such significant periods of growth is great fun.”
Unsafe extraction of NeMo archive leading to arbitrary file write CVE Number CVE-2024-0129 Summary The _unpack_nemo_file function used by the SaveRestoreConnector class for model loading uses tarfile.extractall() in an unsafe way which can lead to an arbitrary file write when a model is loaded. Products Impacted This vulnerability is present in Nvidia NeMo versions prior to r2.0.0rc0. CVSS Score: 6.3 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L […]
Following responsible disclosure practices, the vulnerabilities referenced in this blog were disclosed to ClearML before publishing. We would like to thank their team for their efforts in working with us to resolve the issues well within the 90-day window. This demonstrates that responsible disclosure allows for a good working relationship between security teams and product […]
Following responsible disclosure practices, the vulnerabilities referenced in this blog were disclosed to ClearML before publishing. We would like to thank their team for their efforts in working with us to resolve the issues well within the 90-day window. This demonstrates that responsible disclosure allows for a good working relationship between security teams and product […]
Following responsible disclosure practices, the vulnerabilities referenced in this blog were disclosed to ClearML before publishing. We would like to thank their team for their efforts in working with us to resolve the issues well within the 90-day window. This demonstrates that responsible disclosure allows for a good working relationship between security teams and product […]
Following responsible disclosure practices, the vulnerabilities referenced in this blog were disclosed to ClearML before publishing. We would like to thank their team for their efforts in working with us to resolve the issues well within the 90-day window. This demonstrates that responsible disclosure allows for a good working relationship between security teams and product […]
November 20, 2024
Austin, TX — November 20, 2024 — HiddenLayer, a leader in security for AI solutions, today announced the launch of its Automated Red Teaming solution for artificial intelligence, a transformative tool that enables security teams to rapidly and thoroughly assess generative AI system vulnerabilities. The addition of this new product extends HiddenLayer’s AISec platform capabilities […]
October 30, 2024
Austin, TX – October 30, 2024 – HiddenLayer, a leader in security for AI solutions, is honored to be recognized as a Cool Vendor for AI Security in Gartner’s 2024 report. This prestigious distinction highlights HiddenLayer’s innovative approaches to safeguarding artificial intelligence models, data, and workflows against a rapidly evolving threat landscape. HiddenLayer’s proactive solutions […]
October 9, 2024
Austin, TX – October 8, 2024 – HiddenLayer today announced the launch of several new features to its AISec Platform and Model Scanner, designed to enhance risk detection, scalability, and operational control for enterprises deploying AI at scale. As the pace of AI adoption accelerates, so do the threats targeting these systems, necessitating security measures […]
What you’ll get:
Research: Stay informed about the evolving AI threat landscape, emerging risks, and new vulnerabilities.
Insights: Gain in-depth security for AI education and master the skills to effectively protect your AI systems.
Guides: Access expert analysis, actionable how-to’s, and innovative strategies to accelerate your AI adoption.
HiddenLayer, a Gartner recognized Cool Vendor for AI Security, is the leading provider of Security for AI. Its security platform helps enterprises safeguard the machine learning models behind their most important products. HiddenLayer is the only company to offer turnkey security for AI that does not add unnecessary complexity to models and does not require access to raw data and algorithms. Founded by a team with deep roots in security and ML, HiddenLayer aims to protect enterprise’s AI from inference, bypass, extraction attacks, and model theft. The company is backed by a group of strategic investors, including M12, Microsoft’s Venture Fund, Moore Strategic Ventures, Booz Allen Ventures, IBM Ventures, and Capital One Ventures.
