“As AI infrastructure becomes the foundation of many business environments, the consequences of these attacks are becoming more and more serious. The AI training process requires access to large amounts of sensitive customer data, which turns AI training resources into targets for attackers. SAP AI Core offers integration with S/4HANA and other cloud services, to access internal customer data with cloud access keys. These symptoms are very serious. “
Scary holes
Given how widely distributed SAP systems are within enterprises, and how SAP is integrated with many other enterprise-level applications and cloud environments, Wiz said the holes are particularly alarming.
“Using the wrong code, we were able to bypass and manage the service – we got access to customers’ private files, as well as details of customers’ cloud environments: AWS, Azure, SAP S/4HANA Cloud, and others,” the report said. said. “The vulnerability we discovered could have allowed attackers to access customer data and contaminate internal artifacts – which spread to other customers’ location-related services.”
Source link