redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
MIT License

feat(hackingai): add ai/ml tools EDR detections #154

Closed juju4 closed 4 months ago

juju4 commented 10 months ago

AI development tools hunt to ensure alignment with company guidance:

Quick review to detect some common AI tools with vulnerabilities based on EDR data.

Possible false-positive cmdline arguments for mlflow that we may want to exclude, but I'm not sure if there is a variable for that: "--disable-mlflow", "--skip-mlflow", "--skip_mlflow"

There would be additional patterns for web URL paths, but I don't think there is a variable for that either (ex: "/ajax-api/2.0/preview/mlflow/")

Inspired by:
https://protectai.com/blog/hacking-ai-system-takeover-in-mlflow-strikes-again-and-again
https://protectai.com/threat-research/november-vulnerability-report
https://docs.h2o.ai/h2o/latest-stable/h2o-docs/starting-h2o.html#multicast
https://docs.ray.io/en/latest/ray-security/index.html
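
An added example, not part of the PR or of Surveyor's code: a small Python filter that drops the mlflow opt-out flags listed above per token instead of excluding the whole command line, so a process that both launches mlflow and passes an opt-out flag is still reported. The event fields (`hostname`, `cmdline`, `url`), the tool keywords and the sample events are assumptions constructed for illustration.

```python
# Added example: not Surveyor code. Event fields and tool keywords are assumptions.
FALSE_POSITIVE_ARGS = ("--disable-mlflow", "--skip-mlflow", "--skip_mlflow")  # from the PR text
MLFLOW_URL_PATH = "/ajax-api/2.0/preview/mlflow/"  # from the PR text
TOOL_KEYWORDS = {"mlflow": "mlflow", "h2o": "h2o", "ray": "ray start"}  # assumed keywords


def tools_in_cmdline(cmdline):
    """Return tool names seen in a command line, ignoring opt-out flag tokens."""
    tokens = [
        t for t in cmdline.lower().split()
        # Drop only the flag token (also "--skip_mlflow=true"), not the whole event.
        if not t.strip("\"'").startswith(FALSE_POSITIVE_ARGS)
    ]
    cleaned = " ".join(tokens)
    return {tool for tool, kw in TOOL_KEYWORDS.items() if kw in cleaned}


def tools_in_url(url):
    """Flag requests to the mlflow API path quoted in the PR text."""
    return {"mlflow"} if MLFLOW_URL_PATH in url.lower() else set()


def hunt(events):
    """Return sorted (hostname, tool) hits for a list of EDR-style event dicts."""
    hits = []
    for e in events:
        found = tools_in_cmdline(e.get("cmdline", "")) | tools_in_url(e.get("url", ""))
        hits.extend((e["hostname"], tool) for tool in sorted(found))
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"hostname": "ws-01", "cmdline": "mlflow server --host 127.0.0.1"},
    {"hostname": "ws-02", "cmdline": "python train.py --disable-mlflow --epochs 3"},
    {"hostname": "ws-03", "cmdline": "python train.py --skip_mlflow=true"},
    {"hostname": "ws-04", "cmdline": "bash -c 'mlflow ui; python eval.py --skip-mlflow'"},
    {"hostname": "ws-05", "cmdline": "ray start --head"},
    {"hostname": "ws-06", "cmdline": "java -jar h2o.jar"},
    {"hostname": "ws-07", "url": "http://10.0.0.5:5000/ajax-api/2.0/preview/mlflow/experiments/list"},
]

if __name__ == "__main__":
    for host, tool in hunt(SAMPLE_EVENTS):
        print(host, tool)
```

A plain "cmdline contains mlflow" query would also report ws-02 and ws-03, while excluding every command line that contains an opt-out flag would miss ws-04.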