Hacker News new | ask | show | jobs
by jaaron 696 days ago
While I get that it's the AI product, the vulnerability here is the k8s configuration. It really has nothing to do with the AI product itself or AI training or anything related to machine learning or generative AI, it's more about poor cloud computing platform security.
3 comments
cchance 696 days ago
Which is possibly worse lol, the fact SAP a company as big as they are with as much critical information as they have, fucking up basic cloud security, they didn't even fuck up something new they fucked up common shit from the sound of it.
link
sunaookami 696 days ago
The bigger the company the less they care since no one will hold them accountable anyways.
link
dogbraid 696 days ago
Why do you say that? A bigger company has also more to loose with such a problem and therefore they care much more about such things.

Smaller companies can hide behind obscurity, not big company.

If the same thing happened to a company much smaller then SAP, it wouldn't have made hacker news.

link
sunaookami 695 days ago
And what consequences will this have for SAP? The same as with Microsoft who had major security fails over the last 20 years yet people still use their products and nearly every company uses Exchange.
link
rf15 695 days ago
A lot of companies are also Too Big To Fail/their products and security are secondary to service and customer relations. IBM can deliver failed product after failed product, and companies still buy from them.
link
cchance 695 days ago
I mean when big companies make billions and then get exploited and have a 5m fine, its basically pennies on the dollar that they are paying and they take it as any time they get caught fucking up as just operational costs.

Crowdstrike took a 10% stock hit, but i from what i've seen of corps i work with the longterm affect at C-level decisions won't change and most if not all the contracts will stay in place and the stock will recover in a few weeks.

link
bilekas 696 days ago
The article doesn't say that it is an issue with the product itself though. It explains very well than infact it's the isolation of the AI training models.

> The root cause of these issues was the ability for attackers to run malicious AI models and training procedures, which are essentially code

It's being researched and investigated, to my understanding, due to the prevalence of AI products and the need to be mindful of the infrastructure.

link
j45 696 days ago
The brand that sells is the brand at fault.

Securing it or knowing to secure it or testing it or never releasing it until it was secure is all things that are with the brand making the sale.

link