AISec Case Study - Compromised PyTorch Dependency Chain

Compromised PyTorch Dependency Chain

Case Study Number - AISec-0002/24

Summary

In a striking breach of security, malicious binaries masquerading as PyTorch dependencies compromised sensitive data on numerous Linux systems through PyPI, unveiling the dangers of dependency confusion in software supply chains.

Threat Capability Level (all levels)Productionised and Deployed: TRL9

Primary Threat Vector - Deepfake

Date – December 2022

Reporter – PyTorch

Actor – Unknown

Target - PyTorch

Incident Detail

Linux packages for PyTorch's pre-release version, known as Pytorch-nightly, were compromised from 25 to 30 December 2022 by a malicious binary uploaded to the Python Package Index (PyPI) code repository. The malicious binary bore the same name as a PyTorch dependency, leading the PyPI package manager (pip) to install this malevolent package instead of the legitimate one.

This supply chain attack, also termed "dependency confusion," compromised sensitive information on Linux machines that had the affected pip-installed versions of PyTorch-nightly. On 30 December 2022, PyTorch announced the breach and initial steps towards mitigation, including the renaming and removal of torchtriton dependencies.

Tactics, Techniques, and Procedures

Mitigations

  • Undertake an AI security assessment (link).

  • Catalogue your AI infrastructure assets (hardware and software).

  • Employ a Secure by design methodology for the development of your AI products and services.

  • Gain a comprehensive understanding of your supply chain and construct your AI Bill of Materials (AIBOM).

  • Maintain an Open Source Intelligence (OSINT) feed to stay abreast of emerging AI threat vectors.

  • Autonomously track, prioritise, and document your vulnerabilities – there are too many for humans to do it.

  • Utilise a quantitative risk management strategy that justifies investment returns of your control measure.

  • Initiate a consultation call or go to my useful resources for AI Security.



Final Note

Leadership is the fundament solution to Cybersecurity, so become a cyber leader, not a cyber manager!

Reference

Other Related Articles



More AI Security Case Studies

Previous
Previous

🚨 Cybersecurity Alert: New Insights from Microsoft's MTAC-East Asia Report (April 2024)🚨

Next
Next

AI Security Case Study - Bypassing ID.me AI identity Verification - costing $3.4 million.