* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, May 28, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Drew Brees opens Surge Entertainment Center in Metairie hot spot for new businesses – NOLA.com

    Drew Brees Unveils Exciting New Surge Entertainment Center in Metairie!

    Will Gio Stay Or Go On May 27 General Hospital? – Yahoo

    Will Gio Make a Shocking Exit on May 27th’s General Hospital

    First look: Disney shows star villains, Little Mermaid, tech – Yahoo

    Unveiling Disney’s Dark Side: A Sneak Peek at Iconic Villains, The Little Mermaid, and Cutting-Edge Technology!

    Fans Call Out Disney For Cutting Favorite ‘Lilo & Stitch’ Character: ‘It Makes Me Want to Cry’ – Yahoo

    Disney Fans Heartbroken Over the Cut of Beloved ‘Lilo & Stitch’ Character: ‘It Makes Me Want to Cry

    Oh My Girl’s sister group USPEER from WM Entertainment introduces individual members with high-energy clips for ‘Speed Zone’ debut – allkpop

    Get Ready to Meet USPEER: Oh My Girl’s Sister Group Unveils Dynamic Members in ‘Speed Zone’ Debut Clips!

    Ways to save money on entertainment and travel this summer – CBS News

    Smart Strategies to Slash Your Summer Entertainment and Travel Costs!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    MSE, DXC Technology expand tech partnership – Sports Business Journal

    MSE, DXC Technology expand tech partnership – Sports Business Journal

    Technology Driving Performance: How Elite MA Plans Leverage Data, Care Coordination, and Advanced Analytics to Thrive Amid CMS’s Rigorous 2025 Standards, Black Book – Newswire.com

    Unlocking Success: How Top MA Plans Harness Data and Analytics to Excel Under CMS’s 2025 Standards

    Arqit acquires Ampliphae’s technology IP, enhancing its global encryption portfolio – GlobeNewswire

    Arqit Boosts Global Encryption Portfolio with Strategic Acquisition of Ampliphae’s Technology IP

    Searenergy partners with Tethys Robotics on subsea inspection technology – Windtech International

    Searenergy partners with Tethys Robotics on subsea inspection technology – Windtech International

    China successfully tests new-gen satellite-to-ground data transmission technology – Global Times

    China successfully tests new-gen satellite-to-ground data transmission technology – Global Times

    Wireless Connectivity Technology Market Set to Witness – openPR.com

    Exploring the Future: Wireless Connectivity Technology Market Poised for Remarkable Growth!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Drew Brees opens Surge Entertainment Center in Metairie hot spot for new businesses – NOLA.com

    Drew Brees Unveils Exciting New Surge Entertainment Center in Metairie!

    Will Gio Stay Or Go On May 27 General Hospital? – Yahoo

    Will Gio Make a Shocking Exit on May 27th’s General Hospital

    First look: Disney shows star villains, Little Mermaid, tech – Yahoo

    Unveiling Disney’s Dark Side: A Sneak Peek at Iconic Villains, The Little Mermaid, and Cutting-Edge Technology!

    Fans Call Out Disney For Cutting Favorite ‘Lilo & Stitch’ Character: ‘It Makes Me Want to Cry’ – Yahoo

    Disney Fans Heartbroken Over the Cut of Beloved ‘Lilo & Stitch’ Character: ‘It Makes Me Want to Cry

    Oh My Girl’s sister group USPEER from WM Entertainment introduces individual members with high-energy clips for ‘Speed Zone’ debut – allkpop

    Get Ready to Meet USPEER: Oh My Girl’s Sister Group Unveils Dynamic Members in ‘Speed Zone’ Debut Clips!

    Ways to save money on entertainment and travel this summer – CBS News

    Smart Strategies to Slash Your Summer Entertainment and Travel Costs!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    MSE, DXC Technology expand tech partnership – Sports Business Journal

    MSE, DXC Technology expand tech partnership – Sports Business Journal

    Technology Driving Performance: How Elite MA Plans Leverage Data, Care Coordination, and Advanced Analytics to Thrive Amid CMS’s Rigorous 2025 Standards, Black Book – Newswire.com

    Unlocking Success: How Top MA Plans Harness Data and Analytics to Excel Under CMS’s 2025 Standards

    Arqit acquires Ampliphae’s technology IP, enhancing its global encryption portfolio – GlobeNewswire

    Arqit Boosts Global Encryption Portfolio with Strategic Acquisition of Ampliphae’s Technology IP

    Searenergy partners with Tethys Robotics on subsea inspection technology – Windtech International

    Searenergy partners with Tethys Robotics on subsea inspection technology – Windtech International

    China successfully tests new-gen satellite-to-ground data transmission technology – Global Times

    China successfully tests new-gen satellite-to-ground data transmission technology – Global Times

    Wireless Connectivity Technology Market Set to Witness – openPR.com

    Exploring the Future: Wireless Connectivity Technology Market Poised for Remarkable Growth!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Business

SAP security holes raise questions about the rush to AI

July 19, 2024
in Business
SAP security holes raise questions about the rush to AI
Share on FacebookShare on Twitter

Cloud security firm Wiz has published a detailed report about SAP security holes, now patched, that raises alarming questions about the secondary role AI efforts are having on cybersecurity defenses.

Cloud security firm Wiz has probed SAP defenses as part of its tenant isolation research on AI service providers, and on Wednesday published a lengthy list of shortcomings. SAP says that they fixed all of the problems before Wiz published.

Most deal with either a lack of meaningful segmentation or network components trusting other components without any authentication — a violation of the basic tenet of Zero Trust. Although AI played a minor role in the problems, some have pointed to the report as further evidence that the rush to GenAI deployments is undermining basic cybersecurity protections.

“We believe these (SAP) services are more susceptible to tenant isolation vulnerabilities because, by definition, they allow users to run AI models and applications – which is equivalent to executing arbitrary code,” the Wiz report said.

“As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant. The AI training process requires access to vast amounts of sensitive customer data, which turns AI training services into attractive targets for attackers. SAP AI Core offers integrations with S/4HANA and other cloud services, to access customers’ internal data via cloud access keys. These credentials are highly sensitive.”

Alarming holes

Given how widely deployed SAP systems are within enterprises, and how integrated SAP is with so many other enterprise-level applications and cloud environments, Wiz said the holes were especially alarming.

“By executing arbitrary code, we were able move laterally and take over the service – gaining access to customers’ private files, along with credentials to customers’ cloud environments: AWS, Azure, SAP S/4HANA Cloud, and more,” the report said. “The vulnerabilities we found could have allowed attackers to access customers’ data and contaminate internal artifacts – spreading to related services and other customers’ environments.” 

The Wiz report noted that researchers were able to access and often able to modify Docker images on SAP internal container registry, SAP’s Docker images on Google Container Registry, and SAP’s internal Artifactory server. They also gained cluster administrator privileges on SAP AI Core’s Kubernetes cluster, as well as gaining full access to a variety of SAP customers’ cloud credentials and private AI artifacts.

Risks involved in the rush to AI

Analysts and industry AI specialists found little surprising in the findings, but did agree that this should be a stark reminder that AI deployments need to be carefully and strictly scrutinized and managed by CISO teams. 

“There is this rush to deploy (AI) and security is an afterthought until something bad happens,” said Michelle Abraham, the IDC senior research director for security and trust.

Vaibhav Malik, the architect leader at Cloudflare, said that although AI may not be the direct cause of the SAP holes that were discovered, the mechanisms needed for GenAI rollouts often undermine defenses. 

“The vulnerabilities discovered in SAP AI Core are unfortunately not surprising to me. In my experience working on enterprise AI initiatives, I’ve observed a concerning trend where the rapid adoption of AI technologies often outpaces the implementation of robust security measures,” Malik said. “The ability to run arbitrary code for AI model training inherently creates a complex isolation problem. Traditional sandboxing techniques often fall short in AI environments. I’ve seen multiple cases where seemingly isolated environments were compromised due to overlooked interconnections or misconfigurations.”

Malik also noted that the ability described in the Wiz report to poison artifacts or compromise internal registries “highlights a critical weakness in many AI pipelines. In my experience, securing the entire AI supply chain — from data ingestion to model deployment — is an area where many organizations have significant blind spots.”

Forrester Research reached similar conclusions. 

The Wiz report “is mostly comprised of issues related to configuration and infrastructure that could jeopardize data in any cloud instance of any type. Based on the writeup,  these are issues related to infrastructure configured or implemented improperly in SAP’s AI Core offering. As a result, this could impact cloud infrastructure and the data it houses,” said Jeff Pollard, Forrester VP and principal analyst.

 “The issues are real and correct,” he added. “Better isolation such as microsegmentation using Zero Trust, and better configurations and implementations would’ve prevented this.” 

Another consultant, Three Arc Advisory President Meghan Anzelc, said that CISOs need to focus on the intersection of technology between AI and cybersecurity.

“AI cybersecurity issues are a combination of different areas of expertise not partnering appropriately upfront,” Anzelc said. “Data scientists are typically curious and creative, and many have no understanding of information security or cybersecurity issues and best practices. At the same time, you have traditional IT architecture and InfoSec teams who may not have ever worked with data scientists before, and are struggling with their needs for large data volumes, access to a wide range of data sources, often including sensitive information.

“You also have executives pushing to move quickly on AI, sometimes at organizations that have no internal AI or data science expertise, sometimes at organizations that have no or limited expertise in the particular cloud services needed. It’s a tricky combination.”

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : CIO – https://www.csoonline.com/article/2520751/sap-security-holes-raise-questions-about-the-rush-to-ai.html

Tags: businessholessecurity
Previous Post

Navigating the data management maze: How emerging tech and modern solutions are revolutionizing mainframe-to-cloud integration

Next Post

How Revolut’s creator strategy is benefitting from YouTube’s long-form swing

May 15 – Ecology proposes new updates to help industry transition to clean semi-trucks – Washington State Department of Ecology (.gov)

Ecology Unveils Exciting New Updates to Accelerate the Shift to Clean Semi-Trucks!

May 28, 2025
Earth’s core is ‘leaking’ gold, study finds – Live Science

Unlocking Earth’s Secrets: New Study Reveals Gold is ‘Leaking’ from the Core!

May 28, 2025
Reading Science Center awarded $175,500 Neighborhood Assistance Tax Credit to double education space – Berks Weekly

Reading Science Center Secures $175,500 Tax Credit to Expand Educational Space!

May 28, 2025

Want to Live Long? Lifestyle Matters More Than Genes – Time Magazine

May 28, 2025
This City Was Named the World’s Fastest-growing Wealth Hub With 156 Centimillionaires and 22 Billionaires – Travel + Leisure

This City Was Named the World’s Fastest-growing Wealth Hub With 156 Centimillionaires and 22 Billionaires – Travel + Leisure

May 28, 2025
Five Things We Learned About…The Creator Economy From D&AD Festival – Creative Salon

Unlocking Insights: Five Key Takeaways on the Creator Economy from D&AD Festival

May 28, 2025
New Portland entertainment venue to begin construction in June – KGW

Exciting New Entertainment Venue Set to Break Ground in Portland This June!

May 28, 2025
Can domestic financing solve the global health funding crisis? – Devex

Can domestic financing solve the global health funding crisis? – Devex

May 28, 2025
Brian Hughes to become NASA Chief of Staff – Florida Politics

Brian Hughes Takes the Helm as NASA’s New Chief of Staff!

May 28, 2025
MSE, DXC Technology expand tech partnership – Sports Business Journal

MSE, DXC Technology expand tech partnership – Sports Business Journal

May 28, 2025

Categories

Archives

May 2025
MTWTFSS
 1234
567891011
12131415161718
19202122232425
262728293031 
« Apr    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (647)
  • Economy (660)
  • Entertainment (21,567)
  • General (15,246)
  • Health (9,702)
  • Lifestyle (663)
  • News (22,149)
  • People (662)
  • Politics (668)
  • Science (15,883)
  • Sports (21,167)
  • Technology (15,648)
  • World (648)

Recent News

May 15 – Ecology proposes new updates to help industry transition to clean semi-trucks – Washington State Department of Ecology (.gov)

Ecology Unveils Exciting New Updates to Accelerate the Shift to Clean Semi-Trucks!

May 28, 2025
Earth’s core is ‘leaking’ gold, study finds – Live Science

Unlocking Earth’s Secrets: New Study Reveals Gold is ‘Leaking’ from the Core!

May 28, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version