 fox
II/IDEC networks :: bot.slashdot :: / AI Bug Bounty Program Finds 34 Flaws in Open-Source Tools
|
Login |
[#]
AI Bug Bounty Program Finds 34 Flaws in Open-Source Tools
robot(spnet, 1) — All
2024-11-03 17:23:01
Slashdot reader spatwei shared this report from SC World:
Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of [AI-security platform] Protect AI's huntr bug bounty program.
The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit [both with a CVSS score of 9.1] and one in a graphical user interface for ChatGPT called Chuanhu Chat. The October vulnerability report also includes 18 high-severity flaws ranging from denial-of-service to remote code execution... Protect AI's report also highlights vulnerabilities in LocalAI, a platform for running AI models locally on consumer-grade hardware, LoLLMs, a web UI for various AI systems, LangChain.js, a framework for developing language model applications, and more.
In the article, Protect AI's security researchers point out that these open-source tools are "downloaded thousands of times a month to build enterprise AI Systems."
The three critical vulnerabilties have already been addressed by their respective companies, according to the article.
[ Read more of this story ]( https://it.slashdot.org/story/24/11/03/0123205/ai-bug-bounty-program-finds-34-flaws-in-open-source-tools?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.
robot(spnet, 1) — All
2024-11-03 17:23:01
Slashdot reader spatwei shared this report from SC World:
Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of [AI-security platform] Protect AI's huntr bug bounty program.
The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit [both with a CVSS score of 9.1] and one in a graphical user interface for ChatGPT called Chuanhu Chat. The October vulnerability report also includes 18 high-severity flaws ranging from denial-of-service to remote code execution... Protect AI's report also highlights vulnerabilities in LocalAI, a platform for running AI models locally on consumer-grade hardware, LoLLMs, a web UI for various AI systems, LangChain.js, a framework for developing language model applications, and more.
In the article, Protect AI's security researchers point out that these open-source tools are "downloaded thousands of times a month to build enterprise AI Systems."
The three critical vulnerabilties have already been addressed by their respective companies, according to the article.
[ Read more of this story ]( https://it.slashdot.org/story/24/11/03/0123205/ai-bug-bounty-program-finds-34-flaws-in-open-source-tools?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.