Cloud service providers offer machine learning as a service, MLaaS, platform, enabling companies to leverage the power of scalability and reliability while performing ML operations. As companies rush to build AI services like ChatGPT, the security implications of these complex systems often go unexplored. Recent discoveries in Azure Machine Learning (AML) reveal concerning vulnerabilities that could compromise entire ML workspaces and expose sensitive data.

The interconnected nature of MLaaS platforms, combining user-managed and provider-managed components, creates unique security challenges. From credential leakage in compute instances to exposed APIs in cloud middleware, these vulnerabilities demonstrate how traditional security boundaries become blurred in modern cloud architectures.

With researchers uncovering methods to achieve stealthy persistence and lateral movement in AML environments, it's crucial for security professionals to understand these emerging threats and strengthen their cloud security posture.

This session, led by Nitesh Surana, senior threat researcher at Trend Micro, will cover:

• Critical vulnerabilities discovered in Azure ML service
• Analysis of credential leakage through insecure logging and system design
• Techniques for identifying and exploiting exposed APIs in cloud middleware
• Methods for assessing security boundaries in managed cloud services