AI Con USA 2025 - AI Security
Thursday, June 12
Shadow Vulnerabilities in AI/ML Data Stacks - What You Don’t Know CAN Hurt You
Thursday, June 12, 2025 - 2:40pm to 3:25pm
The adoption of open-source AI software introduces a new family of vulnerabilities to organizations. Some AI components, such as model serving, include Remote Code Execution (RCE) by design, for example when loading pre-trained models from external sources. Traditional SCA and SAST approaches were not built for the AI ecosystem, leaving a huge and insecure attack surface. The irony is that in the AI ecosystem, security issues such as remote code execution are a feature rather than a bug, often specified explicitly in the documentation, which most developers don't read. AI models are often downloaded from...
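The abstract's point that loading a pre-trained model can be code execution by design is easiest to see with Python's pickle, the serialization that sits underneath a number of checkpoint formats (PyTorch's torch.save among them). The block below is an added example, not material from the talk or from this conference page. The payload bytes, the stand-in checkpoint contents and the function names (build_payload, load_untrusted, load_restricted, is_blocked) are constructed for illustration. The naive loader does what pickle.load does, which is to call whatever callable the file names; the restricted loader applies the allowlist pattern from the Python pickle documentation so the global is refused before the REDUCE opcode can call it.

```python
import io
import os
import pickle

# Hand-assembled pickle stream (protocol 0 opcodes) of the kind an attacker
# plants in a "pre-trained model" file. Reads as: GLOBAL module.func,
# MARK, STRING arg, TUPLE, REDUCE (call func(arg)), STOP (return result).
def build_payload(module: str, func: str, arg: str) -> bytes:
    return (b"c" + module.encode() + b"\n" + func.encode() + b"\n"
            + b"(S'" + arg.encode() + b"'\ntR.")

# Constructed example: the classic shell payload. Never loaded naively here.
SHELL_PAYLOAD = build_payload("os", "system", "echo pwned")

# Constructed example used for the demo: eval() of an expression. Its result
# (the PID of the loading process) proves the code ran in-process.
EVAL_PAYLOAD = build_payload("builtins", "eval", '__import__("os").getpid()')

def load_untrusted(blob: bytes):
    """What a naive loader does: pickle.loads with no restriction.
    Parsing the file is executing it."""
    return pickle.loads(blob)

def demo_naive_loader_ran_code() -> bool:
    # True when the attacker-chosen expression executed inside this process.
    return load_untrusted(EVAL_PAYLOAD) == os.getpid()

# Constructors a weights file legitimately needs; everything else is refused.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                 "float", "int", "str", "bytes", "bool"}

class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist loader: find_class is consulted for every GLOBAL/STACK_GLOBAL
    opcode, so unknown callables are rejected before REDUCE can invoke them."""
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(__import__("builtins"), name)
        if module == "collections" and name == "OrderedDict":
            from collections import OrderedDict
            return OrderedDict
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")

def load_restricted(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def legit_checkpoint() -> bytes:
    # Constructed stand-in for real weights: plain dict of lists and scalars,
    # which pickle encodes with native opcodes and no GLOBAL at all.
    state = {"layer1.weight": [[0.1, -0.2], [0.3, 0.4]],
             "layer1.bias": [0.0, 0.5],
             "epoch": 3}
    return pickle.dumps(state, protocol=pickle.HIGHEST_PROTOCOL)

def is_blocked(blob: bytes) -> bool:
    """True when the restricted loader refuses the blob without executing it."""
    try:
        load_restricted(blob)
        return False
    except pickle.UnpicklingError:
        return True

if __name__ == "__main__":
    print("naive loader ran attacker code:", demo_naive_loader_ran_code())
    print("restricted loader blocks eval payload:", is_blocked(EVAL_PAYLOAD))
    print("restricted loader blocks shell payload:", is_blocked(SHELL_PAYLOAD))
    print("legit checkpoint still loads, epoch =",
          load_restricted(legit_checkpoint())["epoch"])
```

The real-world counterparts of load_restricted are torch.load(..., weights_only=True), which applies a similar allowlist, and weight formats that carry no code at all, such as safetensors. An allowlist is a mitigation rather than a guarantee; the pickle documentation itself states the module is not secure against maliciously constructed data, which is exactly the "feature, not a bug" situation the abstract describes.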