Uncovering Azure's Silent Threats - A Journey Into Cloud Vulnerabilities

Embark on a journey into cloud vulnerabilities with this conference talk that uncovers silent threats in Azure's Machine Learning as a Service platform. Explore five critical vulnerabilities discovered across three broad classes of security issues in Azure ML. Learn about insecure logging of sensitive information, including five instances of credential leakage in cleartext on Compute Instances. Discover how exposed APIs in cloud middleware can lead to sensitive information disclosure, potentially enabling lateral movement for network-adjacent attackers. Gain insights into various analysis techniques used to assess managed services like Azure ML, and understand the complexities of the shared responsibility model for cloud security. Delve into the implications of these findings for companies building AI/ML systems and services similar to ChatGPT.