《Orca Security：2024年AI安全状况报告：云计算中AI风险态势研究报告（英文版）（37页）.pdf》由会员分享，可在线阅读，更多相关《Orca Security：2024年AI安全状况报告：云计算中AI风险态势研究报告（英文版）（37页）.pdf（37页珍藏版）》请在三个皮匠报告上搜索。

1、State of Security ReportUnveiling the numbers and insights behind the prevalence of AI risks in the cloud20242024 STATE OF AI SECURITY REPORTInside This ReportForeword01About the Orca Research Pod02Executive summary03Key findings051.General AI usage2.Usage by AI service3.Usage by AI model4.Usage by

2、AI package070809101.AI usage062.Vulnerabilities in AI packages 111.Introduction 2.Default Amazon SageMaker bucket names15163.Exposed AI models141.Exposed access keys 2.Exposed keys in commit history3.Roles and permissions1819204.Insecure access 176.Encryption 26About Orca Security34Challenges in AI

3、securityKey recommendationsAI GoatHow can Orca help?303132337.Conclusion295.Misconfigurations211.Session authentication(IMDSv2)2.Root access 3.Private endpoints 2324252024 STATE OF AI SECURITY REPORTForewordAI usage is exploding.Gartner predicts that the AI software market will grow 19.1%annually,re

4、aching$298 billion by 2027.In many ways,AI is now in the stage reminiscent of where cloud computing was over a decade ago.At that time,speed of innovation was the focus,and it came at the expense of security.One such example was where storage buckets were spun up at the speed of the cloud,but were b

5、eing left exposed to the Internet-without considering the security implications.Fast forward to today,we are now witnessing the signs that history may repeat itself.Many AI services are defaulting to wide access and full permissions,focusing on speed of delivery while sacrificing security measures.Y

6、et unlike a decade ago,we are now more prepared to secure emerging AI technologies and models.Awareness and education play a key role in achieving this goal,which is why we are releasing this inaugural report.We hope the report will help developers,CISOs,and security professionals better understand