SAP AI Core: Patch Those Vulnerabilities Now! (“SAPwned” Shows Serious Security Risks)
Don’t let your AI become a liability! Recent research by Wiz uncovered a collection of vulnerabilities in SAP AI Core, a platform for building and deploying artificial intelligence models. These flaws, dubbed “SAPwned” by Wiz, could have allowed attackers to steal sensitive customer data and wreak havoc on AI projects.
Here’s the lowdown:
- Malicious AI Training? Attackers could embed malicious code within what appeared to be regular AI training procedures. This sneaky tactic would grant them unauthorised access to SAP AI Core.
- Data at Risk? Absolutely. Once inside, attackers could grab sensitive information like customer files and login credentials for cloud storage like AWS and Azure. Yikes!
- AI Model Manipulation? You Bet. Hackers could corrupt internal AI models and data, potentially impacting other platform customers. Talk about a domino effect!
- Network Shenanigans? They Got That, Too. Attackers could exploit weaknesses to bypass security restrictions and access customer code and training data. Not ideal.
The good news is that these vulnerabilities were responsibly reported to SAP and patched in May 2024. However, this incident serves as a stark reminder that AI security is paramount.

Here’s what you can do:
- Patch it Up! Ensure you’ve downloaded and applied the latest update for SAP AI Core. Don’t be that person who gets caught napping!
- Scrutinise Your Training Data. Be vigilant about what data you feed your AI models. Malicious code can hide anywhere.
- Stay Updated. Keep yourself informed about the latest security threats in the ever-evolving world of AI.
By taking these steps, you can ensure your AI projects are bastions of security, not treasure troves for cybercriminals. Remember, a secure AI is a happy AI (and a relieved IT team)!