Latest news with #AIengineers
Zawya
4 days ago
- Business
- Zawya
Trend Micro Warns of Thousands of Exposed AI Servers
Latest research reveals mounting infrastructure-level risks from diverse components HONG KONG SAR - Media OutReach Newswire - 13 August 2025 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today urged AI engineers and IT leaders to heed best practices in developing and deploying secure systems, or risk exposure to data theft, poisoning, ransom, and other attacks. To learn more about how network defenders and adversaries are using AI, read Trend Micro State of AI Security Report, 1H 2025: Rachel Jin, Chief Enterprise Platform Officer at Trend: "AI may represent the opportunity of the century for global businesses. But those rushing in too fast without taking adequate security precautions may end up causing more harm than good. As our report reveals, too much AI infrastructure is already being built from unsecured and/or unpatched components, creating an open door for threat actors." Trend's report highlights several AI-related security challenges: 1) Vulnerabilities/exploits in critical components Organizations wishing to develop, deploy and use AI applications must leverage multiple specialized software components and frameworks, which may contain vulnerabilities one may find in regular software. The report reveals zero-day vulnerabilities and exploits in core components including ChromaDB, Redis, NVIDIA Triton, and NVIDIA Container Toolkit. 2) Accidental exposure to the internet Vulnerabilities are often the result of rushed development and deployment timelines, as are instances when AI systems are accidentally exposed to the internet, where they can be probed by adversaries. As detailed in the report, Trend has found 200+ ChromaDB servers, 2,000 Redis servers, and 10,000+ Ollama servers exposed to the internet with no authentication. 3) Vulnerabilities in open-source components Many AI frameworks and platforms use open-source software libraries to provide common functionality. However, open-source components often contain vulnerabilities that end up creeping into production systems, where they are hard to detect. At the recent Pwn2Own Berlin, which featured a new AI category, researchers uncovered an exploit for the Redis vector database, which stemmed from an outdated Lua component. 4) Container-based weaknesses A great deal of AI infrastructure runs on containers, meaning it is exposed to the same security vulnerabilities and threats that impact cloud and container environments. As outlined in the report, Pwn2Own researchers were able to uncover an exploit for the NVIDIA Container Toolkit. Organizations should sanitize inputs and monitor runtime behavior to mitigate such risks. Stuart MacLellan, CTO, NHS SLAM: "There are still lots of questions around AI models and how they could and should be used. We now get much more information now than we ever did about the visibility of devices and what applications are being used. It's interesting to collate that data and get dynamic, risk-based alerts on people and what they're doing depending on policies and processes. That's going to really empower the decisions that are made organizationally around certain products." Both the developer community and its customers must better balance security with time to market in order to mitigate the risks outlined above. Concrete steps could include: Improved patch management and vulnerability scans Maintaining an inventory of all software components, including third-party libraries and subsystems Container management security best practices, including using minimal base images and runtime security tools Configuration checks to ensure AI infrastructure components, like servers aren't exposed to the internet Hashtag: #TrendMicro The issuer is solely responsible for the content of this announcement. About Trend Micro Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. Trend Micro
Malay Mail
4 days ago
- Business
- Malay Mail
Trend Micro Warns of Thousands of Exposed AI Servers
Latest research reveals mounting infrastructure-level risks from diverse components Improved patch management and vulnerability scans Maintaining an inventory of all software components, including third-party libraries and subsystems Container management security best practices, including using minimal base images and runtime security tools Configuration checks to ensure AI infrastructure components, like servers aren't exposed to the internet HONG KONG SAR - Media OutReach Newswire - 13 August 2025 - Trend Micro Incorporated TSE: 4704 ), a global cybersecurity leader, today urged AI engineers and IT leaders to heed best practices in developing and deploying secure systems, or risk exposure to data theft, poisoning, ransom, and other learn more about how network defenders and adversaries are using AI, read Trend Micro State of AI Security Report, 1H 2025: Rachel Jin, Chief Enterprise Platform Officer at Trend: "AI may represent the opportunity of the century for global businesses. But those rushing in too fast without taking adequate security precautions may end up causing more harm than good. As our report reveals, too much AI infrastructure is already being built from unsecured and/or unpatched components, creating an open door for threat actors."Trend's report highlights several AI-related security challenges Organizations wishing to develop, deploy and use AI applications must leverage multiple specialized software components and frameworks, which may contain vulnerabilities one may find in regular software. The report reveals zero-day vulnerabilities and exploits in core components including ChromaDB, Redis, NVIDIA Triton, and NVIDIA Container are often the result of rushed development and deployment timelines, as are instances when AI systems are accidentally exposed to the internet, where they can be probed by adversaries. As detailed in the report, Trend has found 200+ ChromaDB servers, 2,000 Redis servers, and 10,000+ Ollama servers exposed to the internet with no AI frameworks and platforms use open-source software libraries to provide common functionality. However, open-source components often contain vulnerabilities that end up creeping into production systems, where they are hard to detect. At the recent Pwn2Own Berlin, which featured a new AI category, researchers uncovered an exploit for the Redis vector database, which stemmed from an outdated Lua component.A great deal of AI infrastructure runs on containers, meaning it is exposed to the same security vulnerabilities and threats that impact cloud and container environments. As outlined in the report, Pwn2Own researchers were able to uncover an exploit for the NVIDIA Container Toolkit. Organizations should sanitize inputs and monitor runtime behavior to mitigate such MacLellan, CTO, NHS SLAM: "There are still lots of questions around AI models and how they could and should be used. We now get much more information now than we ever did about the visibility of devices and what applications are being used. It's interesting to collate that data and get dynamic, risk-based alerts on people and what they're doing depending on policies and processes. That's going to really empower the decisions that are made organizationally around certain products."Both the developer community and its customers must better balance security with time to market in order to mitigate the risks outlined above. Concrete steps could include:Hashtag: #TrendMicro The issuer is solely responsible for the content of this announcement. About Trend Micro Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world.
Yahoo
09-08-2025
- Business
- Yahoo
AI jobs resistant to recent hiring slump
This story was originally published on CIO Dive. To receive daily news and insights, subscribe to our free daily CIO Dive newsletter. Dive Brief: AI-related job postings have weathered a broader contraction in tech talent demand, according to an Indeed analysis published last week. The company reviewed tech role postings on its jobs board from 2020 to date for the report. Employer demand for AI/ML engineers soared by 334% since the beginning of 2020, making it the second fastest-growing tech job on the site, according to the company's analysis. Machine learning engineers, another staple position of AI development, also remained in high demand, with postings up nearly 60% since 2020. Roles related to AI bucked a sectorwide trend, according to Indeed. Overall tech job postings on the site rose significantly through 2022, but have since fallen 36% from their 2020 levels. Dive Insight: The tech job market grew significantly in 2021 and 2022, with unemployment among IT positions sliding to record lows. A boom and bust cycle ensued, as 2023 saw tech companies lay off thousands of workers. Tech job postings never fully recovered, according to the Indeed analysis. "Two main explanations have been offered for the crash in demand for tech workers," said Brendon Bernard, economist at the Indeed Hiring Lab, in the report. "One is that the sector is experiencing an overhang from its earlier hiring boom, aggravated by less supportive economic conditions… The other candidate is that the recent AI revolution has significantly reduced interest in hiring new tech workers." The broad enterprise AI adoption push accelerated the targeted hiring of specialist positions. By contrast, roles like software developer have contracted nearly 49% since the pandemic, according to Indeed. Alongside a more dynamic hiring market, candidates for AI-focused roles also enjoy higher average salaries. AI-savvy IT professionals can expect an 18% salary boost compared with their counterparts, according to Dice data from earlier this year. "Strong demand for AI-related tech titles is also reflected in their pay," Bernard said. "Posted annual salaries for jobs like machine learning engineer (2024 median of $260,000) often rank among the highest of common tech jobs." Recommended Reading Southwest posts additional $380M in losses from December meltdown Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
