* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, October 22, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Business

SAP security holes raise questions about the rush to AI

July 19, 2024
in Business
SAP security holes raise questions about the rush to AI
Share on FacebookShare on Twitter

Cloud security firm Wiz has published a detailed report about SAP security holes, now patched, that raises alarming questions about the secondary role AI efforts are having on cybersecurity defenses.

Cloud security firm Wiz has probed SAP defenses as part of its tenant isolation research on AI service providers, and on Wednesday published a lengthy list of shortcomings. SAP says that they fixed all of the problems before Wiz published.

Most deal with either a lack of meaningful segmentation or network components trusting other components without any authentication — a violation of the basic tenet of Zero Trust. Although AI played a minor role in the problems, some have pointed to the report as further evidence that the rush to GenAI deployments is undermining basic cybersecurity protections.

“We believe these (SAP) services are more susceptible to tenant isolation vulnerabilities because, by definition, they allow users to run AI models and applications – which is equivalent to executing arbitrary code,” the Wiz report said.

“As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant. The AI training process requires access to vast amounts of sensitive customer data, which turns AI training services into attractive targets for attackers. SAP AI Core offers integrations with S/4HANA and other cloud services, to access customers’ internal data via cloud access keys. These credentials are highly sensitive.”

Alarming holes

Given how widely deployed SAP systems are within enterprises, and how integrated SAP is with so many other enterprise-level applications and cloud environments, Wiz said the holes were especially alarming.

“By executing arbitrary code, we were able move laterally and take over the service – gaining access to customers’ private files, along with credentials to customers’ cloud environments: AWS, Azure, SAP S/4HANA Cloud, and more,” the report said. “The vulnerabilities we found could have allowed attackers to access customers’ data and contaminate internal artifacts – spreading to related services and other customers’ environments.” 

The Wiz report noted that researchers were able to access and often able to modify Docker images on SAP internal container registry, SAP’s Docker images on Google Container Registry, and SAP’s internal Artifactory server. They also gained cluster administrator privileges on SAP AI Core’s Kubernetes cluster, as well as gaining full access to a variety of SAP customers’ cloud credentials and private AI artifacts.

Risks involved in the rush to AI

Analysts and industry AI specialists found little surprising in the findings, but did agree that this should be a stark reminder that AI deployments need to be carefully and strictly scrutinized and managed by CISO teams. 

“There is this rush to deploy (AI) and security is an afterthought until something bad happens,” said Michelle Abraham, the IDC senior research director for security and trust.

Vaibhav Malik, the architect leader at Cloudflare, said that although AI may not be the direct cause of the SAP holes that were discovered, the mechanisms needed for GenAI rollouts often undermine defenses. 

“The vulnerabilities discovered in SAP AI Core are unfortunately not surprising to me. In my experience working on enterprise AI initiatives, I’ve observed a concerning trend where the rapid adoption of AI technologies often outpaces the implementation of robust security measures,” Malik said. “The ability to run arbitrary code for AI model training inherently creates a complex isolation problem. Traditional sandboxing techniques often fall short in AI environments. I’ve seen multiple cases where seemingly isolated environments were compromised due to overlooked interconnections or misconfigurations.”

Malik also noted that the ability described in the Wiz report to poison artifacts or compromise internal registries “highlights a critical weakness in many AI pipelines. In my experience, securing the entire AI supply chain — from data ingestion to model deployment — is an area where many organizations have significant blind spots.”

Forrester Research reached similar conclusions. 

The Wiz report “is mostly comprised of issues related to configuration and infrastructure that could jeopardize data in any cloud instance of any type. Based on the writeup,  these are issues related to infrastructure configured or implemented improperly in SAP’s AI Core offering. As a result, this could impact cloud infrastructure and the data it houses,” said Jeff Pollard, Forrester VP and principal analyst.

 “The issues are real and correct,” he added. “Better isolation such as microsegmentation using Zero Trust, and better configurations and implementations would’ve prevented this.” 

Another consultant, Three Arc Advisory President Meghan Anzelc, said that CISOs need to focus on the intersection of technology between AI and cybersecurity.

“AI cybersecurity issues are a combination of different areas of expertise not partnering appropriately upfront,” Anzelc said. “Data scientists are typically curious and creative, and many have no understanding of information security or cybersecurity issues and best practices. At the same time, you have traditional IT architecture and InfoSec teams who may not have ever worked with data scientists before, and are struggling with their needs for large data volumes, access to a wide range of data sources, often including sensitive information.

“You also have executives pushing to move quickly on AI, sometimes at organizations that have no internal AI or data science expertise, sometimes at organizations that have no or limited expertise in the particular cloud services needed. It’s a tricky combination.”

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : CIO – https://www.csoonline.com/article/2520751/sap-security-holes-raise-questions-about-the-rush-to-ai.html

Tags: businessholessecurity
Previous Post

Navigating the data management maze: How emerging tech and modern solutions are revolutionizing mainframe-to-cloud integration

Next Post

How Revolut’s creator strategy is benefitting from YouTube’s long-form swing

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Breaks New Ground with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

AMC Launches First New Dolby Experience in Gwinnett Since 2017

October 22, 2025
UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

October 22, 2025
With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

October 21, 2025
Fusobacterium nucleatum : ecology, pathogenesis and clinical implications – Nature

Unveiling Fusobacterium nucleatum: Exploring Its Ecology, Disease Connections, and Health Impact

October 21, 2025
Escherichia coli with a 57-codon genetic code – Science | AAAS

Escherichia coli Engineered with a Revolutionary 57-Codon Genetic Code

October 21, 2025
LOCALIZE IT: Over 420 anti-science bills target public health protections in statehouses across US – newspressnow.com

More Than 420 Anti-Science Bills Jeopardize Public Health Across the Nation

October 21, 2025
Halloween not your thing? Here’s when Christmas at the Newport mansions will start. – The Providence Journal

Not a Halloween Fan? Find Out When Christmas Magic Begins at the Newport Mansions!

October 21, 2025
Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

October 21, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (879)
  • Economy (901)
  • Entertainment (21,772)
  • General (17,729)
  • Health (9,942)
  • Lifestyle (913)
  • News (22,149)
  • People (901)
  • Politics (911)
  • Science (16,111)
  • Sports (21,400)
  • Technology (15,880)
  • World (884)

Recent News

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Breaks New Ground with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version