Cybersecurity researchers at Oligo Security identified an active exploit of an unpatched vulnerability in Anyscale's Ray AI software, named ShadowRay and tracked as CVE-2023-48022.

The vulnerability has been exploited for seven months, allowing remote code execution through the job submission API, leading to data breaches and unauthorized cryptocurrency mining.

Attackers gaining root privileges can access victims' entire cloud environments, including services in AWS, Google, and Microsoft Azure, and steal sensitive data such as credentials for OpenAI, Stripe, Slack, along with password hashes and private SSH keys.

Anyscale has yet to release a fix but is developing a script to assist users in verifying secure configurations to prevent accidental exposure.

Oligo Security has provided organizations with indicators of compromise and mitigation strategies to protect against unauthorized access to their clusters.

This incident marks the first known targeted attack on AI workloads through AI infrastructure vulnerabilities, highlighting the emerging need for robust security in AI systems.