How We Executed a Critical Supply Chain Attack on PyTorch
Jan. 14, 2024, 7:38 p.m. | Simon Willison's Weblog (simonwillison.net)
Report on a now-handled supply chain attack against PyTorch that took advantage of GitHub Actions, stealing credentials from some self-hosted task runners.
The researchers first submitted a typo fix to the PyTorch repo, which gave them status as a "contributor" to that repo and meant that their future pull requests would have workflows executed without needing manual approval.
Their mitigation suggestion is to switch the option from 'Require …