Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks. Oligo Security bug hunters say the ongoing campaign, which they've named ShadowRay 2.0, has been active since at least September 2024. The attacks exploit CVE-2023-48022, a critical - and unpatched - vulnerability in Ray, an open source distributed computing framework for AI workloads that's used by major tech companies, including Amazon, Apple, and OpenAI.