当前位置:首页 > 报告详情

AI 成为攻击目标——探索针对 AWS AI 即服务的新型攻击.pdf

上传人: 可*** 编号:991711 2025-12-07 54页 21.15MB

1、AI in the Crosshairs:Exploring Novel Attacks on AWS AI-as-a-Service2|2025 Trend Micro Inc.Yash Verma Senior Threat Researcher,Trend Micro From India adding spice to cloud security!From endpoints to cloud breaking,securing&shaping the future of cloud security Cloud detective hunting misconfigs,threat

2、s&vulnerabilities Driving impact shaping products,building detections&making clouds safer Beyond security books,podcasts,travel&mobile photography About Me3|2025 Trend Micro Inc.Agenda Rise Of AI-as-a-Service(AIaaS)AI in the crosshairs:Past incidents and reports Threat Vectors&Targets in AIaaS A Tal

3、e of Cloud Chaos:The AWS AIaaS Supply Chain Attack Threat Monitoring AWS AI Pipelines Best Practices to Prevent Attacks on AWS AIaaS4|2025 Trend Micro Inc.Rise Of AI-as-a-Service5|2025 Trend Micro Inc.Cloud-based service providing AI capabilities Foundational models,APIs,data training&model tuning f

4、rameworks etc Offered by AWS,Google Cloud,Microsoft Azure etcWhat is AIaaS?6|2025 Trend Micro Inc.Why AIaaS?Cuts infrastructure and expertise costs Scales easily with pay-as-you-go pricing Deploys quickly using pre-built models Integrates seamlessly with existing systems Accesses the latest AI innov

5、ations7|2025 Trend Micro Inc.TrendsArtSmarts SurveyGrand view researchs survey8|2025 Trend Micro Inc.AI in the crosshairs:Past incidents and reports9|2025 Trend Micro Inc.Reports Rising Cyberattack30%of AI cyberattacks involve training-data poisoning,model theft,or adversarial samples Gartner93%of s

6、ecurity leaders expect to encounter daily AI attacks by 2025 Exposures&Misconfigurations82%of organizations using Amazon SageMaker have at least one internet-exposed notebook-Orca Security.54%store PII,and 21%have an internet-exposed S3 bucket containing sensitive data38TB of sensitive data accident

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要探讨了针对AWS AI即服务(AIaaS)的新型攻击,强调了云安全的重要性。关键点如下: 1. AI即服务(AIaaS)的兴起:介绍了AIaaS的定义和优势,如降低成本、易于扩展、快速部署等。 2. AI面临的威胁:报告显示,30%的AI网络攻击涉及训练数据污染、模型盗窃或对抗性样本;至2025年,93%的安全领导者预计每天都会遇到AI攻击。 3. 攻击向量与目标:分析了不良编程实践、云与AI服务配置错误、AI库和平台漏洞等威胁向量,主要目标为开发者和数据科学家。 4. AWS AIaaS供应链攻击案例:通过模拟攻击,展示了不良编程实践、未经验证的第三方依赖、云配置错误等风险。 5. 安全监控与最佳实践:提出使用AWS CloudTrail、CloudWatch等工具监控AI管道,实施最小权限原则,遵循安全的机器学习编码实践,并采用可解释AI(XAI)提高安全性。 核心数据引用: - 82%的组织在使用Amazon SageMaker时至少有一个互联网暴露的笔记本; - 38TB敏感数据因微软AI研究人员失误而暴露; - 20+个影响ML供应商的AI相关CVEs,显示出安全漏洞上升的趋势。
揭秘云安全危机" 如何防范?" 如何守护云端?"
客服
商务合作
小程序
服务号
折叠