The Good, the Bad, and the Ugly: Hacking 3 CSPs with 1 Vulnerability
Hillai Ben-Sasson, Andres Riancho
fwd:cloudsec North America 2025 · Day 2 · Track 1 - Crystal
Andres Riancho and Hillai Ben-Sasson, security researchers at Wiz, presented research demonstrating how a single critical container escape vulnerability in **NVIDIA Container Toolkit** was used to compromise more than 10 different cloud service providers. The talk detailed three representative case studies -- **Azure Container Instances**, **Replicate**, and **DigitalOcean (Paperspace)** -- that illustrate the full spectrum of security outcomes: from no cross-tenant access (Azure), to limited data exposure with active detection (Replicate), to full service compromise with access to all tenants' models, secrets, and source code (DigitalOcean/Paperspace). The vulnerability required only the ability to control the container image provided to the service, making exploitation trivial across any GPU-accelerated cloud offering.
AI review
A critical container escape in NVIDIA Container Toolkit used to hack 10+ cloud providers, with three beautifully contrasting case studies that range from 'Azure did everything right' to 'DigitalOcean gave us the keys to the kingdom.' This is cloud security research at its finest: one zero-day, massive blast radius, real exploitation, and a natural experiment revealing which providers actually build secure architectures versus which ones are held together with duct tape.