Great work, thanks for sharing Dave. And this article gives me many thoughts and also inspires us to think more about the security side for AI/ML; we are living in the "best" era, but also the most dangerous era. Tho I'd like to argue your point that "a pod is an environment used to run containers. These are small, executable, standalone code packages." In K8s, more precisely, "A pod is the smallest deployable unit in Kubernetes, which can run one or more containers. Containers are small, executable, standalone code packages." I am particularly interested in the scenario you've written with privilege escalation, and the countermeasures for it. For those people who work in the tech industry, it's a better practice for us to follow the principle of least privilege at the very beginning to design a secure system rather than try to correct something when it happens. So in this case, I think we might leverage some k8s tools and AWS services to guarantee the least privilege rules. :)
Thanks for the correction, you know much more about k8s than I do! Container security misconfiguration has been growing rapidly, so to see this paired with an AI/ML attack vector is truly fascinating
Thank you for your reply, nobody knows more than others, we are just learning from each other. Yeah, that's also one of the most promising fields in the coming decade I believe :)