"So there were a couple parts of this. One is the API abuse. But then there was "
"Hello everyone and welcome back to another episode of The Register's Kettle podcast. I'm Reg reporter Brandon Vigliarolo, and this week I'm joined by my colleagues Richard Speed and Kettle newcomer O'Ryan Johnson to talk about a recent spike in cloud AI API abuse that's sticking customers with some massive charges. We're talking tens of thousands of dollars that Google is seeming to...try hard not to refund. Guys, thanks for coming on."
"In both cases, cloud customers using AI incurred massive bills without any prior notification from their provider and not a lot of help to resolve the matter with any sense of urgency."
"this one is primarily based on an exclusive you published this week about compromised Google Cloud API keys. And from what I read, it seems like cyber criminals are using those keys to run all the AI inference they want on most expensive models that Google has without paying a dime. So walk me through what exactly this story's about."
Cloud AI services on major platforms have seen rising cases of API abuse that generate very large charges for customers. Compromised API keys can be used by cyber criminals to run unlimited or extensive AI inference on the most expensive models. Customers may receive massive bills without prior notification from their provider and may find limited assistance when trying to resolve the issue quickly. The problem has been reported for both Google Cloud and AWS, with similar patterns of unauthorized usage and inadequate urgency in remediation. Avoiding similar outcomes requires preventing key compromise and managing access so that unauthorized inference cannot occur unnoticed.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]