A critical deserialization vulnerability (CVSS 9.8) in a widely-deployed ML model serving framework allows unauthenticated RCE via crafted model files. Active exploitation confirmed.
A critical deserialization vulnerability (CVSS 9.8) in a widely-deployed ML model serving framework allows unauthenticated RCE via crafted model files. Active exploitation confirmed.
Safety-aligned multimodal LLMs can be reliably jailbroken by encoding adversarial instructions as text within images, bypassing text-layer safety filters entirely.
Applying zero trust to ML infrastructure: training pipeline access controls, model registry security, inference endpoint hardening, and secrets management for AI deployments.
An NHS trust confirmed adversarial perturbations applied to medical images caused systematic misclassification by its AI diagnostic system, resulting in incorrect preliminary diagnoses.
A UK insurer's AI chatbot, due to an IDOR vulnerability and excessive tool permissions, allowed authenticated users to retrieve policy data for unrelated customers. 80,000 records exposed.