AI-Related Data Breaches: Inside Major Cybersecurity Threat
Artificial intelligence is changing businesses at an incredibly fast rate, but this rapid growth of AI systems has also resulted in new risks surrounding cybersecurity. During the past two years, companies globally have seen a significant increase in the number of data breaches associated with AI, involving exposed training datasets, prompt leaks, compromised AI chatbots, and insecure machine-learning infrastructure.
As organizations begin to integrate generative AI into their procedures and operations, security specialists warn that criminals view AI systems as becoming attractive targets for cybercrime, as they process vast quantities of sensitive data such as customer accounts, internal company documents, source code, healthcare data, and financial records.
Because of the rush to implement generative AI within businesses, many businesses are discovering that their traditional security strategies do not always offer the best protection when it comes to the new and modern AI ecosystem.
What are AI-Related Data Breaches?
AI-related data breaches are incidents where AI systems, machine learning systems, or applications using artificial intelligence expose, leak, or lose sensitive data, such as that resulting from cyber attack(s), insecure integration(s), insider threat(s), misconfiguration(s), etc.
There are several examples of AI-related data breaches:
Compromised AI chatbots
Exposed training datasets
Prompt injections
API key leaks
Insecure AI extensions and plugins
Improperly configured cloud storage for AI models
Stored data poisoning
Unauthorized access to large language models
AI cyber attacks are a growing issue. Cybercriminals are starting to use generative AI technologies like ChatGPT as weapons of choice for launching attacks against organizations because they can generate content faster than anyone else could.
4,000 Internal Repositories Breach at GitHub: Expert’s Review
The hack of GitHub is being reported as one of the largest cybersecurity incidents in recent history. A threat actor has claimed to have accessed and exfiltrated data from 4000+ (actually, there are about 4004 total internal repositories) internal repositories of GitHub (private). The hack was reportedly accomplished through a poisoned Visual Studio Code extension (a code editor from Microsoft that runs on all major operating systems). Most importantly, this security incident has raised new concerns around software supply chain attacks, developer endpoint security, and the rapid evolution of groups of cybercriminals targeting software providers.
What Happened in the GitHub Breach?
We first learned of this breach after the hacking group known as TeamPCP allegedly posted the stolen data from GitHub for sale on an underground cybercrime forum. After receiving reports about the alleged sale of stolen GitHub data, GitHub stated that they confirmed that a group of hackers had accessed their internal repositories and that the incident occurred as a result of a compromised employee device that had been infected by the malicious Visual Studio Code extension.
As part of the company’s incident response, they removed the malicious Visual Studio Code extension very quickly and isolated the endpoint that had been infected. Investigations indicate that the attackers accessed the internal repositories instead of accessing any of GitHub’s customer-owned private repositories or enterprise environments when performing their actions.
GitHub has also stated that the number of repositories that the hacker has listed in their post (approximately 3,800) is “directionally consistent” with GitHub’s own internal investigation results.
4,000 Internal Repositories Breach at GitHub: Expert’s Review
