A critical vulnerability named ShadowRay was discovered in the Ray AI framework, identified as CVE-2023-48022.

The ShadowRay flaw lets attackers issue system commands through Ray's job submission API, potentially accessing all nodes in a cluster and retrieving sensitive credentials.

Anyscale, the Ray framework's maintainer, has patched four out of six identified vulnerabilities but downplays the severity of the remote code execution (RCE) issue.

Cybersecurity group Oligo warns that the RCE vulnerability is being actively exploited, posing a threat to AI workloads and company data across multiple high-profile firms.

Financial damages from the exploitation of this vulnerability over a seven-month period could amount to an estimated $1 billion.

Compromised systems have leaked access to Kubernetes API and Slack tokens, increasing the risk of further security breaches.

Oligo suspects a sophisticated hacking group is behind the ShadowRay campaign and urges organizations to enhance security measures beyond relying on framework updates.