Cloud Training Attacks
T13 · AI Supply Chain & Artifact Trust
Cloud ML platforms supply the compute for most commercial model training: they schedule training jobs, broker data access, allocate GPUs, and store the resulting models. Each of those functions is part of the attack surface:
- IAM misconfiguration: training job roles granted far more than the job needs (wildcard S3 access, iam:PassRole, the right to assume other roles)
- Shared infrastructure: multi-tenant GPU clusters, where isolation between tenants' jobs is a property of the platform rather than something the tenant controls
- Training API exploitation: manipulating job parameters (container image, entry script, output location) so the platform runs attacker code or writes artifacts where the attacker chooses
- Data access compromise: training jobs are routinely given broad read access to data lakes, so a compromised job can read far beyond its own training set
- Model registry attacks: injecting poisoned models into the cloud model registry so that downstream deployments pull the attacker's artifact
Controls that address this surface:
- Cloud security posture management (CSPM) with rules written for ML workloads (training job roles, notebook instances, model registries), not only generic compute
- IAM least-privilege auditing: verify that each training job role holds only the actions and resources the job needs; wildcard actions, wildcard resources and role-assumption rights are the findings to look for
- Training job behavior monitoring: baseline each job's expected network destinations, storage access and cloud API calls, and alert on deviations (credentials used from outside the job's network, reads from buckets outside its dataset, STS or IAM calls made by a training role)
- Data lake integrity monitoring: hash-based change detection on training data, with the hash manifest stored and signed outside the data lake under credentials the training role cannot use; otherwise an attacker with data-lake access can rewrite the data and the manifest together
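The least-privilege audit item above, worked through as an added example (not code from the original page): a policy-document checker that flags wildcard actions, wildcard resources, escalation rights and unconditioned S3 grants, run against an over-permissive training role policy and a scoped one. It makes no AWS calls; both policies are constructed for illustration, and the bucket names, account id and VPC endpoint id are placeholders.

```python
"""Least-privilege audit of the IAM policy attached to a training job role.

Added example, not code from the original page. Inspects the policy
document only; the two policies and all identifiers in them are constructed
placeholders.
"""
import fnmatch

# Actions a training job role should never hold: each lets the job mint new
# credentials or widen its own permissions.
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreateAccessKey", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy", "sts:AssumeRole",
}


def _as_list(value):
    """IAM accepts either a string or a list in Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy, job_scope):
    """Return (severity, statement_index, reason) findings for an IAM policy.

    job_scope: ARN prefixes (the job's own dataset and artifact locations)
    that every Allow statement's resources must fall under.
    """
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(("high", idx, f"wildcard action {action}"))
                continue
            # IAM expands patterns such as sts:Assume* at evaluation time,
            # so match the escalation list against the pattern itself.
            for risky in sorted(ESCALATION_ACTIONS):
                if fnmatch.fnmatchcase(risky, action):
                    findings.append(("high", idx, f"{action} grants {risky}"))

        for res in resources:
            if res == "*":
                findings.append(("high", idx, "wildcard resource *"))
            elif not any(res.startswith(p) for p in job_scope):
                findings.append(("medium", idx, f"resource outside job scope: {res}"))

        # An S3 grant with no Condition works from anywhere the credentials
        # reach, including an attacker's machine after credential theft.
        if "Condition" not in stmt and any(a.startswith("s3:") for a in actions):
            findings.append(("low", idx, "S3 grant without a Condition such as aws:SourceVpce"))
    return findings


# Constructed placeholders: the job may only touch its dataset and its own
# artifact prefix.
JOB_SCOPE = ["arn:aws:s3:::example-train-data",
             "arn:aws:s3:::example-model-artifacts/job-42/"]
VPCE = {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}

# Constructed: what many training roles actually look like.
OVERLY_PERMISSIVE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "sts:AssumeRole"], "Resource": "*"},
    ],
}

# Constructed: the same job scoped to its data, its artifact prefix and its VPC endpoint.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-train-data",
                      "arn:aws:s3:::example-train-data/job-42/*"],
         "Condition": VPCE},
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-model-artifacts/job-42/*",
         "Condition": VPCE},
    ],
}


def count_by_severity(findings):
    """Finding counts keyed by severity, handy for a pass/fail gate."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for name, pol in (("over-permissive", OVERLY_PERMISSIVE), ("scoped", SCOPED)):
        found = audit_policy(pol, JOB_SCOPE)
        print(name, count_by_severity(found))
        for sev, idx, reason in found:
            print(f"  [{sev}] statement {idx}: {reason}")
```

The scope list is deliberately a prefix match on ARNs rather than a bucket allowlist: a role that can read `example-train-data/` as a whole is still over-permissive if the job only needs `job-42/`, and a prefix check catches that where a bucket check would not. In a real deployment the policy document comes from `iam:GetRolePolicy` or the attached managed policies, and a non-empty `high` count fails the job submission.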
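The behavior-monitoring item above, as an added example (not code from the original page): detection logic run over a handful of constructed CloudTrail-style events made with a training job's role, checked against an assumed per-job baseline of the VPC endpoint, services and buckets the job is expected to use. The account id, role name, bucket names, endpoint id and IP addresses are placeholders, and the event records are constructed to resemble CloudTrail's shape rather than copied from a real trail.

```python
"""Behavior monitoring for a cloud training job over CloudTrail-style events.

Added example, not code from the original page. Events and baseline are
constructed; every identifier in them is a placeholder.
"""

# Per-job baseline (assumed): what this training job is expected to touch.
BASELINE = {
    "role_name": "train-job-42",
    "vpc_endpoint": "vpce-0123456789abcdef0",
    "allowed_services": {"s3.amazonaws.com", "sagemaker.amazonaws.com", "logs.amazonaws.com"},
    "allowed_buckets": {"example-train-data", "example-model-artifacts"},
}


def role_name(event):
    """Role name from an assumed-role ARN such as
    arn:aws:sts::123456789012:assumed-role/train-job-42/session, else None."""
    arn = event.get("userIdentity", {}).get("arn", "")
    parts = arn.split("/")
    return parts[1] if len(parts) >= 2 and ":assumed-role" in parts[0] else None


def analyze(events, baseline):
    """Return alerts for events made with the job's role that deviate from baseline."""
    alerts = []
    for ev in events:
        if role_name(ev) != baseline["role_name"]:
            continue  # other principals belong to other detections
        name, svc = ev.get("eventName"), ev.get("eventSource")
        params = ev.get("requestParameters", {})
        # Training credentials should only be used through the job's VPC
        # endpoint; use from anywhere else means they have left the job.
        if ev.get("vpcEndpointId") != baseline["vpc_endpoint"]:
            alerts.append({"rule": "credential-use-outside-job-network", "event": name,
                           "detail": f"source {ev.get('sourceIPAddress')}"})
        # A training role has no business minting credentials or touching IAM.
        if svc in ("sts.amazonaws.com", "iam.amazonaws.com"):
            alerts.append({"rule": "escalation-attempt", "event": name,
                           "detail": params.get("roleArn", svc)})
        elif svc not in baseline["allowed_services"]:
            alerts.append({"rule": "unexpected-service", "event": name, "detail": svc})
        elif svc == "s3.amazonaws.com":
            bucket = params.get("bucketName")
            if bucket not in baseline["allowed_buckets"]:
                alerts.append({"rule": "data-lake-scope-violation", "event": name,
                               "detail": f"bucket {bucket}"})
    return alerts


# Constructed sample events (CloudTrail-like shape, placeholder identifiers).
ROLE = "arn:aws:sts::123456789012:assumed-role/train-job-42/SageMaker"
VPCE = BASELINE["vpc_endpoint"]
SAMPLE_EVENTS = [
    # expected dataset read through the job's VPC endpoint
    {"eventTime": "2024-05-01T10:00:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": ROLE},
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": VPCE,
     "requestParameters": {"bucketName": "example-train-data", "key": "job-42/shard-0001.parquet"}},
    # same credentials reading a bucket the job was never meant to touch
    {"eventTime": "2024-05-01T10:00:09Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": ROLE},
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": VPCE,
     "requestParameters": {"bucketName": "example-finance-exports", "key": "2024/q1.csv"}},
    # the training role trying to become a more powerful role
    {"eventTime": "2024-05-01T10:00:12Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "userIdentity": {"arn": ROLE},
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": VPCE,
     "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/data-lake-admin"}},
    # the job's credentials used from a public address with no VPC endpoint: theft
    {"eventTime": "2024-05-01T11:42:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": ROLE},
     "sourceIPAddress": "203.0.113.7",
     "requestParameters": {"bucketName": "example-train-data", "key": "job-42/shard-0002.parquet"}},
    # another principal entirely; not this job's baseline
    {"eventTime": "2024-05-01T11:50:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/notebook-user/alice"},
     "sourceIPAddress": "10.0.2.8", "vpcEndpointId": VPCE,
     "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/data-lake-admin"}},
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS, BASELINE):
        print(alert)
```

The rules are ordered so that an STS or IAM call is reported once as an escalation attempt rather than also as an unexpected service, and the network check runs independently of the service check because stolen credentials are a finding whatever API they are used against. Baselines of this kind are best generated from the job definition (its input channels, output path and VPC configuration) at submission time rather than maintained by hand.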
Upstream, cloud training attacks chain from T13-AT-004 (Dependency Confusion via stolen cloud credentials) and T13-AT-003 (Pipeline Injection via cloud CI/CD). Downstream, they chain to T13-AT-006 (Checkpoint Poisoning) through cloud storage access and to T6-AT-008 (Model Update Hijacking) through cloud model registries.