The report was created with Protect AI's AI/ML "bug bounty" program, huntr. According to the company, the program is made up of over 15,000 members who hunt for vulnerabilities across the "entire OSS AI/ML supply chain."
Among June's found vulnerabilities was one with Nvidia's Triton Inference Server, a "part of the Nvidia AI platform and available with Nvidia AI Enterprise," according to Nvidia. It is "open-source software that standardizes AI model deployment and execution," the company said.
The Triton Inference Server vulnerability allows hackers to perform log injections. Server versions 24.01 to 24.04 are affected.
A second vulnerability is with Intel's Neural Compressor, software that helps optimize and accelerate deep machine learning.
"A vulnerability in the Intel Neural Compressor's configuration handling could lead to sensitive information disclosure due to a TOCTOU [Time-of-Check Time-of-Use] race condition," huntr said.
Here is a list of all vulnerabilities huntr has discovered this month: