Overview
Explore critical security vulnerabilities discovered across Azure MLOps tooling suites in this 47-minute conference talk from Black Hat Asia. Delve into newly identified security flaws affecting traditional Azure-CLI and AzureDev tools as well as cutting-edge platforms like PromptFlow, Azure-AI-Generative, and DeepSpeed. Learn how these vulnerabilities can be exploited throughout the entire Azure MLOps lifecycle, impacting model training, testing, evaluation, and synthesis in both cloud and on-premise environments. Discover how the presenter reported findings to Microsoft's Security Response Center through their Coordinated Vulnerability Disclosure Program, resulting in five reports acknowledged as important severity with security impacts ranging from Local Privilege Escalation to Remote Code Execution, plus three moderate and two low severity reports. Understand how most vulnerabilities stem from accidental corner-case oversights in codebases where secure solutions already exist but were overlooked during implementation. Examine the concerning pattern of incomplete fixes and unpatched oversights that emerged during the coordinated disclosure process. Gain insights into potential countermeasures designed to increase maintainer vigilance and prevent recurring security oversights in Azure MLOps environments.
Syllabus
The Oversights Under the Flow: Discovering the Vulnerable Tooling Suites From Azure MLOps
Taught by
Black Hat