* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, August 13, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    John Davison departs from IGN Entertainment – GamesIndustry.biz

    John Davison Steps Down from IGN Entertainment Leadership

    JPMorgan raises Flutter Entertainment stock price target to GBP273 – Investing.com

    JPMorgan Raises Flutter Entertainment Price Target to £273, Signaling Strong Growth Ahead

    Star Entertainment reaches deal to sell 50% stake in Brisbane resort to HK investors – Reuters

    Star Entertainment Seals Landmark Deal, Sells Half of Brisbane Resort to Hong Kong Investors

    Country music star ripped by ex-wife amid court battle: ‘Karma is a … well you know’ – PennLive.com

    This LA singer performed at Trump casinos. Now he’s a retired bus driver in Acadiana. – The Advocate

    This LA singer performed at Trump casinos. Now he’s a retired bus driver in Acadiana. – The Advocate

    Six Flags Entertainment Corporation Reports 2025 Second Quarter Results, Provides July Performance Update, and Updates Full-Year Guidance – Business Wire

    Six Flags Reveals Thrilling Q2 2025 Results, Shares July Highlights, and Updates Full-Year Outlook

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Indirect tax transformation: Navigating change, embracing technology – Thomson Reuters tax and accounting

    Revolutionizing Indirect Tax: Embracing Technology to Navigate Change

    California’s wildfire moonshot: How new technology will defeat advancing flames – Los Angeles Times

    California’s Wildfire Revolution: How Cutting-Edge Technology Is Poised to Stop Raging Flames

    LSU grad uses 3D printing to create adaptive technology for children – CBS News

    LSU Graduate Revolutionizes Adaptive Technology for Kids with 3D Printing

    Gas-to-liquids technology can support national resilience – The Strategist | ASPI’s analysis and commentary site

    Unlocking National Strength: How Gas-to-Liquids Technology Drives Resilience

    Micron Technology (MU) Launched a New Memory Chip for Space Application – Yahoo Finance

    Micron Technology Launches Revolutionary Memory Chip Built for Space Exploration

    United Airlines passengers in US delayed after tech glitch halts flights – BBC

    United Airlines passengers in US delayed after tech glitch halts flights – BBC

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    John Davison departs from IGN Entertainment – GamesIndustry.biz

    John Davison Steps Down from IGN Entertainment Leadership

    JPMorgan raises Flutter Entertainment stock price target to GBP273 – Investing.com

    JPMorgan Raises Flutter Entertainment Price Target to £273, Signaling Strong Growth Ahead

    Star Entertainment reaches deal to sell 50% stake in Brisbane resort to HK investors – Reuters

    Star Entertainment Seals Landmark Deal, Sells Half of Brisbane Resort to Hong Kong Investors

    Country music star ripped by ex-wife amid court battle: ‘Karma is a … well you know’ – PennLive.com

    This LA singer performed at Trump casinos. Now he’s a retired bus driver in Acadiana. – The Advocate

    This LA singer performed at Trump casinos. Now he’s a retired bus driver in Acadiana. – The Advocate

    Six Flags Entertainment Corporation Reports 2025 Second Quarter Results, Provides July Performance Update, and Updates Full-Year Guidance – Business Wire

    Six Flags Reveals Thrilling Q2 2025 Results, Shares July Highlights, and Updates Full-Year Outlook

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Indirect tax transformation: Navigating change, embracing technology – Thomson Reuters tax and accounting

    Revolutionizing Indirect Tax: Embracing Technology to Navigate Change

    California’s wildfire moonshot: How new technology will defeat advancing flames – Los Angeles Times

    California’s Wildfire Revolution: How Cutting-Edge Technology Is Poised to Stop Raging Flames

    LSU grad uses 3D printing to create adaptive technology for children – CBS News

    LSU Graduate Revolutionizes Adaptive Technology for Kids with 3D Printing

    Gas-to-liquids technology can support national resilience – The Strategist | ASPI’s analysis and commentary site

    Unlocking National Strength: How Gas-to-Liquids Technology Drives Resilience

    Micron Technology (MU) Launched a New Memory Chip for Space Application – Yahoo Finance

    Micron Technology Launches Revolutionary Memory Chip Built for Space Exploration

    United Airlines passengers in US delayed after tech glitch halts flights – BBC

    United Airlines passengers in US delayed after tech glitch halts flights – BBC

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Business

SAP security holes raise questions about the rush to AI

July 19, 2024
in Business
SAP security holes raise questions about the rush to AI
Share on FacebookShare on Twitter

Cloud security firm Wiz has published a detailed report about SAP security holes, now patched, that raises alarming questions about the secondary role AI efforts are having on cybersecurity defenses.

Cloud security firm Wiz has probed SAP defenses as part of its tenant isolation research on AI service providers, and on Wednesday published a lengthy list of shortcomings. SAP says that they fixed all of the problems before Wiz published.

Most deal with either a lack of meaningful segmentation or network components trusting other components without any authentication — a violation of the basic tenet of Zero Trust. Although AI played a minor role in the problems, some have pointed to the report as further evidence that the rush to GenAI deployments is undermining basic cybersecurity protections.

“We believe these (SAP) services are more susceptible to tenant isolation vulnerabilities because, by definition, they allow users to run AI models and applications – which is equivalent to executing arbitrary code,” the Wiz report said.

“As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant. The AI training process requires access to vast amounts of sensitive customer data, which turns AI training services into attractive targets for attackers. SAP AI Core offers integrations with S/4HANA and other cloud services, to access customers’ internal data via cloud access keys. These credentials are highly sensitive.”

Alarming holes

Given how widely deployed SAP systems are within enterprises, and how integrated SAP is with so many other enterprise-level applications and cloud environments, Wiz said the holes were especially alarming.

“By executing arbitrary code, we were able move laterally and take over the service – gaining access to customers’ private files, along with credentials to customers’ cloud environments: AWS, Azure, SAP S/4HANA Cloud, and more,” the report said. “The vulnerabilities we found could have allowed attackers to access customers’ data and contaminate internal artifacts – spreading to related services and other customers’ environments.” 

The Wiz report noted that researchers were able to access and often able to modify Docker images on SAP internal container registry, SAP’s Docker images on Google Container Registry, and SAP’s internal Artifactory server. They also gained cluster administrator privileges on SAP AI Core’s Kubernetes cluster, as well as gaining full access to a variety of SAP customers’ cloud credentials and private AI artifacts.

Risks involved in the rush to AI

Analysts and industry AI specialists found little surprising in the findings, but did agree that this should be a stark reminder that AI deployments need to be carefully and strictly scrutinized and managed by CISO teams. 

“There is this rush to deploy (AI) and security is an afterthought until something bad happens,” said Michelle Abraham, the IDC senior research director for security and trust.

Vaibhav Malik, the architect leader at Cloudflare, said that although AI may not be the direct cause of the SAP holes that were discovered, the mechanisms needed for GenAI rollouts often undermine defenses. 

“The vulnerabilities discovered in SAP AI Core are unfortunately not surprising to me. In my experience working on enterprise AI initiatives, I’ve observed a concerning trend where the rapid adoption of AI technologies often outpaces the implementation of robust security measures,” Malik said. “The ability to run arbitrary code for AI model training inherently creates a complex isolation problem. Traditional sandboxing techniques often fall short in AI environments. I’ve seen multiple cases where seemingly isolated environments were compromised due to overlooked interconnections or misconfigurations.”

Malik also noted that the ability described in the Wiz report to poison artifacts or compromise internal registries “highlights a critical weakness in many AI pipelines. In my experience, securing the entire AI supply chain — from data ingestion to model deployment — is an area where many organizations have significant blind spots.”

Forrester Research reached similar conclusions. 

The Wiz report “is mostly comprised of issues related to configuration and infrastructure that could jeopardize data in any cloud instance of any type. Based on the writeup,  these are issues related to infrastructure configured or implemented improperly in SAP’s AI Core offering. As a result, this could impact cloud infrastructure and the data it houses,” said Jeff Pollard, Forrester VP and principal analyst.

 “The issues are real and correct,” he added. “Better isolation such as microsegmentation using Zero Trust, and better configurations and implementations would’ve prevented this.” 

Another consultant, Three Arc Advisory President Meghan Anzelc, said that CISOs need to focus on the intersection of technology between AI and cybersecurity.

“AI cybersecurity issues are a combination of different areas of expertise not partnering appropriately upfront,” Anzelc said. “Data scientists are typically curious and creative, and many have no understanding of information security or cybersecurity issues and best practices. At the same time, you have traditional IT architecture and InfoSec teams who may not have ever worked with data scientists before, and are struggling with their needs for large data volumes, access to a wide range of data sources, often including sensitive information.

“You also have executives pushing to move quickly on AI, sometimes at organizations that have no internal AI or data science expertise, sometimes at organizations that have no or limited expertise in the particular cloud services needed. It’s a tricky combination.”

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : CIO – https://www.csoonline.com/article/2520751/sap-security-holes-raise-questions-about-the-rush-to-ai.html

Tags: businessholessecurity
Previous Post

Navigating the data management maze: How emerging tech and modern solutions are revolutionizing mainframe-to-cloud integration

Next Post

How Revolut’s creator strategy is benefitting from YouTube’s long-form swing

Trump Crypto Firm Announces $1.5 Billion Digital Coin Deal – The New York Times

Trump’s Crypto Company Unveils Revolutionary $1.5 Billion Digital Coin Deal

August 13, 2025
The end of ‘Townie Summer’: IU students return and stimulate Bloomington’s economy – WRTV

Townie Summer Wraps Up as IU Students Return, Revitalizing Bloomington’s Economy

August 13, 2025
John Davison departs from IGN Entertainment – GamesIndustry.biz

John Davison Steps Down from IGN Entertainment Leadership

August 13, 2025
Augusta Health takes a look at local health outcomes with needs assessment – The News Leader | Staunton, VA

Augusta Health Explores Local Health Outcomes Through Comprehensive Needs Assessment

August 13, 2025
Congressman Tom Suozzi: How to let our better impulses drive American politics – America Magazine

Congressman Tom Suozzi: How to let our better impulses drive American politics – America Magazine

August 13, 2025
WA Dept. of Ecology issues multi-million-dollar penalty to refineries for toxic waste violations – KIRO 7 News Seattle

WA Dept. of Ecology issues multi-million-dollar penalty to refineries for toxic waste violations – KIRO 7 News Seattle

August 13, 2025
Scientists discover brain layers that get stronger with age – ScienceDaily

Scientists Uncover Brain Layers That Grow Stronger as We Age

August 13, 2025
World’s first artificial tongue ‘tastes and learns’ like a real human organ – Live Science

Discover the World’s First Artificial Tongue That Tastes and Learns Just Like a Human!

August 13, 2025
Cyclic Living: Aligning Your Lifestyle With Your Hormones – The Indian Express

Cyclic Living: How to Align Your Lifestyle with Your Hormones for Better Wellbeing

August 13, 2025
Indirect tax transformation: Navigating change, embracing technology – Thomson Reuters tax and accounting

Revolutionizing Indirect Tax: Embracing Technology to Navigate Change

August 13, 2025

Categories

Archives

August 2025
MTWTFSS
 123
45678910
11121314151617
18192021222324
25262728293031
« Jul    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (768)
  • Economy (791)
  • Entertainment (21,668)
  • General (16,440)
  • Health (9,830)
  • Lifestyle (801)
  • News (22,149)
  • People (792)
  • Politics (800)
  • Science (16,004)
  • Sports (21,288)
  • Technology (15,771)
  • World (774)

Recent News

Trump Crypto Firm Announces $1.5 Billion Digital Coin Deal – The New York Times

Trump’s Crypto Company Unveils Revolutionary $1.5 Billion Digital Coin Deal

August 13, 2025
The end of ‘Townie Summer’: IU students return and stimulate Bloomington’s economy – WRTV

Townie Summer Wraps Up as IU Students Return, Revitalizing Bloomington’s Economy

August 13, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version