Disrupting the Model: Abusing MLOps Platforms to Compromise ML Models and Enterprise Data Lakes
Brett Hawkins, Chris Thompson
ShmooCon XX (Final) · Day 3 · Belay It
In an era where nearly every organization is rapidly integrating Artificial Intelligence (AI) into its operations, the security of the underlying Machine Learning Operations (MLOps) platforms remains a critically overlooked domain. This talk, presented by IBM X-Force Red leaders Chris Thompson and Brett Hawkins, sheds light on this pervasive blind spot, highlighting the significant gap in offensive and defensive research, tooling, and guidance for securing the environments used to train, tune, deploy, and manage AI models. The speakers introduce **MLOKit**, a novel open-source toolkit designed to simulate attacks against these platforms, so that organizations can test their defenses and build robust security postures.
AI review
This research from IBM X-Force Red directly addresses a critical and underserved area: the security of MLOps platforms themselves, rather than just the models. The speakers present novel attack vectors against Azure ML, BigML, and Vertex AI, demonstrating how to compromise these environments through API abuse and stolen credentials to extract models and sensitive training data. The release of MLOKit, an open-source tool, provides a much-needed capability for both offensive simulation and defensive testing, offering actionable insights for organizations rushing into AI.