Trend Micro Warns of Thousands of Exposed AI Servers
HONG KONG SAR - Media OutReach Newswire - 13 August 2025 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today urged AI engineers and IT leaders to heed best practices in developing and deploying secure systems, or risk exposure to data theft, poisoning, ransom, and other attacks.
To learn more about how network defenders and adversaries are using AI, read Trend Micro State of AI Security Report, 1H 2025: https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/trend-micro-state-of-ai-security-report-1h-2025
Rachel Jin, Chief Enterprise Platform Officer at Trend: "AI may represent the opportunity of the century for global businesses. But those rushing in too fast without taking adequate security precautions may end up causing more harm than good. As our report reveals, too much AI infrastructure is already being built from unsecured and/or unpatched components, creating an open door for threat actors."
Trend's report highlights several AI-related security challenges:
1) Vulnerabilities/exploits in critical components
Organizations wishing to develop, deploy and use AI applications must leverage multiple specialized software components and frameworks, which may contain vulnerabilities one may find in regular software. The report reveals zero-day vulnerabilities and exploits in core components including ChromaDB, Redis, NVIDIA Triton, and NVIDIA Container Toolkit.
2) Accidental exposure to the internet
Vulnerabilities are often the result of rushed development and deployment timelines, as are instances when AI systems are accidentally exposed to the internet, where they can be probed by adversaries. As detailed in the report, Trend has found 200+ ChromaDB servers, 2,000 Redis servers, and 10,000+ Ollama servers exposed to the internet with no authentication.
3) Vulnerabilities in open-source components
Many AI frameworks and platforms use open-source software libraries to provide common functionality. However, open-source components often contain vulnerabilities that end up creeping into production systems, where they are hard to detect. At the recent Pwn2Own Berlin, which featured a new AI category, researchers uncovered an exploit for the Redis vector database, which stemmed from an outdated Lua component.
4) Container-based weaknesses
A great deal of AI infrastructure runs on containers, meaning it is exposed to the same security vulnerabilities and threats that impact cloud and container environments. As outlined in the report, Pwn2Own researchers were able to uncover an exploit for the NVIDIA Container Toolkit. Organizations should sanitize inputs and monitor runtime behavior to mitigate such risks.
Stuart MacLellan, CTO, NHS SLAM: "There are still lots of questions around AI models and how they could and should be used. We now get much more information now than we ever did about the visibility of devices and what applications are being used. It's interesting to collate that data and get dynamic, risk-based alerts on people and what they're doing depending on policies and processes. That's going to really empower the decisions that are made organizationally around certain products."
Both the developer community and its customers must better balance security with time to market in order to mitigate the risks outlined above. Concrete steps could include:
Improved patch management and vulnerability scans
Maintaining an inventory of all software components, including third-party libraries and subsystems
Container management security best practices, including using minimal base images and runtime security tools
Configuration checks to ensure AI infrastructure components, like servers aren't exposed to the internet
Hashtag: #TrendMicro
https://www.trendmicro.com
https://www.linkedin.com/in/trend-micro-hong-kong-96353768/
https://twitter.com/trendmicroamea
https://www.facebook.com/tmhk1989/
The issuer is solely responsible for the content of this announcement.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com
Trend Micro
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
UAE Moments
an hour ago
- UAE Moments
Philippines Orders E-Wallets to Cut Ties with Online Gambling
The Bangko Sentral ng Pilipinas (BSP) just dropped a bombshell for e-wallets: unlink from online gambling platforms — and fast. Deputy Governor Mamerto Tangonan told senators the order was given today (Aug 14), giving companies until Saturday to scrub their apps clean. Why the Wait? Senators weren't thrilled about the two-day grace period, questioning why it couldn't be instant. BSP says removing links takes time and also lets users withdraw their funds from gambling accounts. You Can Still Access Sites Directly Even after links vanish from apps, e-wallets can still process payments if you go straight to a gambling website. Full regulations on this are still in the works. The Bigger Gambling Debate The Senate is weighing whether to ban online gambling outright or just tighten rules. PAGCOR's idea? Limit bets to physical stations, similar to horse racing. Credit card use for gambling debts is already off the table.
Zawya
3 hours ago
- Zawya
FedEx, UPS, DHL executives to face fresh scrutiny in India antitrust case
NEW DELHI: Top India executives of FedEx, UPS, Aramex and DHL are set to be cross-examined in coming weeks by a book publishers' group which accused them of price collusion, a new twist in an antitrust probe that cleared the courier companies of wrongdoing last year, a document shows. Allowing a complainant to interrogate companies is not common in Indian antitrust cases. It means the final findings of the antitrust investigation could change and create new challenges for the courier majors, and the case will be prolonged by several months, antitrust lawyers and government sources said. Many foreign and domestic companies are bullish about the Indian courier and parcel delivery market, which is expected to grow 11% a year to $14.3 billion by 2030, bolstered by a boom in online shopping, research firm Mordor Intelligence says. In December, Reuters reported the Competition Commission of India (CCI) found "no evidence" of courier firms sharing commercial information amongst themselves. The 2022 cartel case, whose details remain confidential in line with rules, was triggered when the Federation of Indian Publishers alleged collusion on prices and discounts by delivery firms. The CCI has now found merit in a complaint by the publishers' group which argued it must be allowed to cross-examine the delivery company executives as investigators only relied on oral submissions to give the companies a clean chit. The federation "has demonstrated sufficient cause establishing necessity and expediency of conducting such cross-examination," the CCI noted in a May 28 internal order that was reviewed by Reuters. The order said the executives to be questioned were Subhasish Chakraborty, Managing Director of India's DTDC Express; R.S. Subramanian, Managing Director of DHL Express India; Suvendu Choudhury, a vice president of FedEx in India; Percy Avari, general manager of Aramex in India, and Abbas Panju, India managing director of UPS Express. None of the executives responded to requests for comment. DHL said in a statement it operates in full compliance with all laws and is "cooperating fully with the CCI", but could not comment on specifics. The CCI, as well as other companies - DTDC, U.S.-based FedEx and UPS, and Dubai's Aramex did not respond to Reuters queries. The Federation of Indian Publishers also did not respond. It represents many Indian publishers like and Rupa Publications, as well as some foreign groups like Pan Macmillan. 'RARE' CROSS-EXAMINATION Sending the case back to the CCI investigators could become an irritant for the logistics industry, which has faced scrutiny since 2015, when France levied a $735 million fine on 20 companies, including FedEx and DHL, for secretly colluding to increase prices. In India, cross-examination of companies by the complainant "is rare," said Gautam Shahi, a competition law partner at Indian law firm Dua Associates. "Such cross-examination may reveal new facts and the conclusions of the earlier investigation report may come into question. It may change the direction of the case," he said. The CCI investigations unit will now oversee the cross-examination proceedings in coming weeks and submit a report to top antitrust officials for a review, four sources familiar with the matter said. The Federation of Indian Publishers had alleged that courier companies acted together to determine charges, and also did not reduce the fuel surcharge they charged when jet fuel prices dropped. The 202-page investigation report shared with the companies privately last year, and seen by Reuters this week, notes that 36 notices were sent to 15 courier firms during 2023-24 to gather details of their businesses, with UPS submitting the most responses - 13. The CCI report concludes no email correspondence surfaced that showed "any collusive/concerted activities" among rivals. The Federation of Indian Publishers has also successfully argued it wants to point out several anomalies in the earlier recorded statements of company executives, which were ignored by investigators, noted the CCI order that allowed the cross-examination. (Reporting by Aditya Kalra; Editing by Raju Gopalakrishnan)
Crypto Insight
3 hours ago
- Crypto Insight
Metaplanet outperforms Japan's most liquid blue-chip stocks in 2025
Bitcoin-focused investment company Metaplanet has surged almost 190% year-to-date (YTD), leaving Japan's largest and most liquid blue-chip companies in its wake. On Wednesday, Metaplanet released its earnings report for the second quarter of 2025. The report showed that the company's YTD performance dwarfed the 7.2% average gain posted by the Tokyo Stock Price Index (TOPIX) Core 30, a benchmark tracking giants like Toyota, Sony and Mitsubishi Heavy Industries. Metaplanet's standout performance in 2025 comes amid its aggressive Bitcoin pivot, with the Tokyo-listed company expanding its treasury through regular purchases. Investors are placing bets on Metaplanet's Bitcoin strategy paying off. According to the report, the number of Metaplanet shareholders climbed to over 180,000 as of June 2025, up 350% since it started its Bitcoin accumulation strategy in the fourth quarter of 2024. Metaplanet outperforms Japan's TOPIX Core 30 amid Bitcoin strategy Apart from Metaplanet outperforming the average gain by the index, the company has also surpassed the performance of popular individual stocks. The report showed that Metaplanet's YTD gains exceeded even the top-performing TOPIX Core 30 members, including Mitsubishi, Nintendo and SoftBank Group. These companies posted double-digit gains throughout the same time period but still lagged behind Metaplanet by wide margins. Other index members like Japan Tobacco, Mizuho Financial Group and Tokio Marine Holdings posted modest gains. At the same time, companies like Toyota Motor Corp. and Murata Manufacturing showed slight declines, highlighting a gap in market sentiment. Founded as a hospitality company, Metaplanet rebranded itself in 2024 as a Bitcoin accumulation vehicle, mimicking the playbook of US-based Strategy. According to the company, it remains the only firm offering regulated Bitcoin exposure in Japan within a public company framework. Metaplanet to raise $3.7 billion to buy more Bitcoin Metaplanet previously announced that it aims to acquire 1% of Bitcoin's total supply by 2027. This means that the company plans to purchase 210,000 BTC over the next two years. To help achieve this goal, the company announced on Aug. 1 that it will raise $3.7 billion dollars through a stock offering. The company said it intends to actively pursue equity financing as part of its Bitcoin Strategy. In August, the company had already spent over $100 million to buy Bitcoin. On Aug. 4, Metaplanet purchased 463 BTC, with $53.7 million. The company followed it up with a $61.4 million Bitcoin purchase on Tuesday. Source:
