CSOonline

Critical PyTorch flaw puts sensitive AI data at risk

Researchers have discovered a critical flaw in PyTorch’s distributed RPC system, allowing attackers to execute arbitrary commands on the OS and steal AI training data. Popular machine learning ...
CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...