UHG
Search
Close this search box.

The Hidden Risks in Open-Source AI Models

“If you ever thought that popular packages are safe, not necessarily. Attackers focus on those assets to deliver immediate attacks,” said Jossef Kadouri of CheckMarx.

Share

Hidden Risks in Open-Source AI Models

Illustration by Nikhil Kumar

Recently, Meta chief Mark Zuckerberg, a crusader of open-source models, emphasised the safety aspects for the models. “There is an ongoing debate about the safety of open-source AI models, and my view is that open-source AI will be safer than its alternatives. I think governments will conclude it’s in their interest to support open source because it will make the world safer and more prosperous,” he said.  

However, open-source platforms are not immune to data threats. With the rise in cybersecurity incidents, with over 343 million victims reported just last year, the focus is back on data security, especially with AI in the picture. 

“One of the biggest challenges today is the new field of AI and finding how attackers are going to use AI to attack us. We take a step, the attackers take a step. It’s a never-ending game and the gap is minimising. I can’t predict what’s going to happen next year because this technology is developing exponentially,” said Jossef Harush Kadouri, the head of supply chain security at CheckMarx, in an exclusive interaction with AIM at the recent Accel Cybersecurity Summit. 

Cyber Attacks on Open Platforms

Kadouri, who works out of Tel Aviv, Israel, is in charge of protecting enterprises against software supply chain attacks. He has previously served in the Israel Defense Force’s cybersecurity wing for over four years. He currently ranks in the top 1% of users on Stack Overflow. 

Alluding to how packages with high ratings does not mean they are safe from malicious attacks even on platforms such as GitHub and Hugging Face, Kadouri said, “Now, if you ever thought that popular packages are safer, not necessarily. 

Attackers focus on those assets to deliver immediate attacks,” he said, emphasising on typosquatting, where Python developers are targeted through registered misspelled versions of popular packages such as Selenium

“Once we investigated the actual code executed in this malicious package, this code was highly cryptic, obfuscated, hard to read and understand, and it’s executed upon installation,” warned Kadouri. Over 900 packages containing obfuscated codes that execute upon installation were revealed. 

Hugging Face is the Disneyland of Open-Source Models

Popular developer platforms such as GitHub and Hugging Face have not been free of all kinds of threats. Though Hugging Face is taking active measures to prevent backdoor threats, the platform is susceptible to model-based attacks

“Hugging Face is like the Disneyland of LLM, open-source models, and pre-trained models,” said Kadouri.

Various forms of cyber attacks are continuously taking place on these platforms. Malicious browser extensions are another common route through which hackers syphon off money. 

In the context of cryptocurrency transfers, users typically copy and paste wallet addresses to avoid errors. It was revealed that a malicious browser extension could alter the copied address, potentially redirecting crypto funds to a different wallet. 

“This is how sophisticated the attacks are. You would only realise it once it’s too late. You can’t undo a crypto transaction,” said Kadouri. 

Cyber Threat Awareness

With the rising cyber attack cases, one of the biggest needs of the hour is awareness. “I think what we need to do is educate and raise awareness that we have bad guys operating in this attack surface,” said Kadouri, who supports the whole open platform that enables developers build products, however, is wary of the risks that are apparent. 

“It’s a good thing to do, but they [platforms] also don’t vet the content they host. So this is why we need to stay alert from things that may look legitimate, but are not. Because, anyone can contribute fresh new content to open source and disguise it as something that is well worth it,” he said.  

Interestingly, Rahul Sasi, the co-founder and CEO of CloudSEK, an AI-powered digital risk management enterprise, reflected similar sentiments. 

Speaking about the recent Indian telecom operator whose user data was hacked (without taking names), Sasi mentioned that the companies don’t acknowledge it, which is a problem that hinders cybersecurity awareness. 

“I mean, the problem with this company is that they also don’t understand. Or many times the security teams understand, but then there is high pressure on the top management not to accept it,” said Sasi, in an exclusive interaction with AIM

“Things have improved in the last 10 years. But, it hasn’t reached where it should. In my perspective, maybe in another 10 years it hopefully will. The media also has a role to play here. If you try to blame somebody, they’ll always try to defend,” he said. 

With AI in the cybersecurity scene, optimism is on the higher end. However, Kadouri doesn’t completely believe so. 

AI in Cyberattacks  

Speaking about how AI has added to cyberattacks through deep-fake technology, for instance, Kadouri still “wants to believe” that AI might be a problem-solver too. 

“I can definitely see AI helping us defenders do our jobs better, reduce manual labour and automate things. But, if they’re [cyber attackers] so good at fooling human beings, they’re probably going to be good at fooling AI too,” he said. 

“I mean, time will tell,” he concluded. 

📣 Want to advertise in AIM? Book here

Picture of Vandana Nair

Vandana Nair

As a rare blend of engineering, MBA, and journalism degree, Vandana Nair brings a unique combination of technical know-how, business acumen, and storytelling skills to the table. Her insatiable curiosity for all things startups, businesses, and AI technologies ensures that there's always a fresh and insightful perspective to her reporting.
Related Posts
19th - 23rd Aug 2024
Generative AI Crash Course for Non-Techies
Upcoming Large format Conference
Sep 25-27, 2024 | 📍 Bangalore, India
Download the easiest way to
stay informed

Subscribe to The Belamy: Our Weekly Newsletter

Biggest AI stories, delivered to your inbox every week.

Flagship Events

Rising 2024 | DE&I in Tech Summit
April 4 and 5, 2024 | 📍 Hilton Convention Center, Manyata Tech Park, Bangalore
Data Engineering Summit 2024
May 30 and 31, 2024 | 📍 Bangalore, India
MachineCon USA 2024
26 July 2024 | 583 Park Avenue, New York
MachineCon GCC Summit 2024
June 28 2024 | 📍Bangalore, India
Cypher USA 2024
Nov 21-22 2024 | 📍Santa Clara Convention Center, California, USA
Cypher India 2024
September 25-27, 2024 | 📍Bangalore, India
discord-icon
AI Forum for India
Our Discord Community for AI Ecosystem, In collaboration with NVIDIA.