This post shares details of a security vulnerability disclosed to us in January 2024 by our friends at Wiz, a cloud security company.

Their findings revealed that our infrastructure could have allowed a malicious model to access sensitive data. We took their report seriously and deployed a full mitigation within 24 hours of speaking with Wiz (just over two weeks after their initial disclosure). We have since deployed additional mitigations for the issue and are now encrypting all internal traffic and restricting privileged network access for all model containers. During our investigation and mitigation, we found no evidence that this vulnerability was exploited.

Read on to learn more about the details of the vulnerability and the steps we are taking to keep Replicate secure.

Running models safely in production

At Replicate, our job is to make it easy for you to build amazing things with machine learning models. We work hard to make sure your models are reliable, fast, and scale automatically when you need them to. Equally important but less visible is our commitment to making Replicate a secure and trusted platform for you to run your workloads.