What Have They Done? Popular AI Framework ray.ai Built Without a Single Security Consideration

Gabriel Tocci
3 min readMar 28, 2024

--

A recent article reported by Avi Lumelsky, Guy Kaplan, and Gal Elbaz @ Oligo, describes how the ray ai framework is currently being exploited in the wild, and has been since November 2023.

This is alarming considering the extent to which this framework is deployed in the wild:

This is the first of its kind exploit, and it’s completely predictable given that the project maintainer, Anyscale, has knowingly chose to not implement a single security feature. Their official security posture is,“Ray expects to run in a safe network environment and to act upon trusted code.”

The “Best Practices” guide describes how this security model, or lack there of, relies entirely on being inaccessible by threat actors.

In 2024 this security posture is outdated, ineffective, and downright negligent. This posture has no place in modern software architecture, especially and AI framework with widespread adoption.

The Zero Trust Architecture (ZTA) is a cybersecurity model that is the antithesis to this wide-open security posture. ZTA has been around for decades and has widespread adoption industry-wide, per the 2023 State of Zero Trust Report by Okta.

ZTA is the cybersecurity standard (NIST SP 800–207) published by the National Institute of Standards and Technology (NIST). The National Cyber Security Centre (NCSC) also recommends adoption of ZTA for new IT deployments, particularly where cloud services are anticipated.

To any experienced Security Researcher or Engineer, the exploit of this wide-open product is not a surprise.

The ray project is a popular project on github.

To make matters exponentially worse, the ray framework is utilized within 13,702 other projects.

Likely, a lot of the these are clones of the project for curious developers just interested in the codebase. However, there are several projects with widespread use:

Including a popular project from Microsoft:

A quick search of the ray architecture documentation results in 0 results when searching for common cybersecurity terms: auth ssh ssl security

Just to make sure it is not a search issue, I searched for the

The official security policy for ray returns a 404 error, because it does not exist.

Anyscale is currently hiring their next set of Security Engineers, in what appears to be the most meaningless job on the planet:

--

--

Gabriel Tocci
Gabriel Tocci

Written by Gabriel Tocci

www.gabrieltocci.com | Senior Cloud Architect and Engineer | Industry Leader in Higher Education

No responses yet