Security Advisories

Vulnerability disclosures and security notifications for our platform and the broader AI security ecosystem.

IDS-ADV-2026-0419 Critical — AIVSS 9.2 Active March 21, 2026

HSM Key Extraction via Race Condition in payShield Firmware — CVE-2026-21847

A critical vulnerability has been identified in the Thales payShield 10K and payShield 9000 Hardware Security Module firmware used in the eMACH.ai Secure Key Management subsystem. A race condition in the EI/A0 command processing pipeline allows authenticated attackers with network adjacency to extract cryptographic master keys from the HSM secure enclave, potentially enabling decryption of stored PAN data across all tenant environments. Emergency firmware patch required within 7 calendar days. PCI DSS 12.9.2 partner notification issued.
IDS-2025-003 Critical Resolved December 12, 2025

Training Data Validation Bypass in Pipeline SDK

A vulnerability was identified in the Pipeline SDK's data ingestion module that allowed specially crafted training datasets to bypass input validation checks. An attacker with access to the training pipeline could inject malicious data payloads that persisted through preprocessing stages, potentially poisoning downstream model outputs. The issue was caused by insufficient boundary checking in the multipart upload handler when processing nested archive formats. Patched in Pipeline SDK v3.4.2.

IDS-2025-002 High Resolved October 8, 2025

Insufficient Rate Limiting on Model Inference API

The Model Inference API lacked adequate per-tenant rate limiting on batch prediction endpoints, allowing authenticated users to submit an unbounded number of concurrent inference requests. This could be exploited for resource exhaustion attacks against shared GPU clusters, degrading performance for other tenants. The vulnerability affected deployments using the default API gateway configuration without custom throttling rules. Resolved by implementing adaptive token-bucket rate limiting in API Gateway v2.1.0.

IDS-2025-001 Critical Resolved August 19, 2025

Cross-Tenant Data Leakage in Multi-Model Serving

A critical isolation flaw was discovered in the multi-model serving infrastructure where inference context from one tenant's model could bleed into another tenant's prediction responses under high-concurrency conditions. The root cause was a shared memory buffer in the model orchestration layer that did not properly enforce tenant boundaries during batch inference scheduling. No evidence of exploitation was found in production logs. Fixed in Model Serving Engine v4.0.1 with full tenant memory isolation.

IDS-2024-006 High Resolved November 3, 2024

Privilege Escalation via Model Registry API

An authorization bypass in the Model Registry API allowed authenticated users with read-only permissions to overwrite model artifacts in shared repositories. The flaw existed in the permission evaluation logic for the PUT /models/{id}/versions endpoint, which incorrectly inherited permissions from the parent organization scope rather than the repository scope. An attacker could replace a production model with a backdoored variant without triggering audit events. Resolved in Model Registry v2.8.0 with granular RBAC enforcement at the repository level.

IDS-2024-005 Medium Resolved August 22, 2024

Information Disclosure in Debug Endpoints

Several internal debug endpoints in the Platform API were unintentionally exposed in production deployments when the service was started with default configuration values. These endpoints returned detailed system information including model architecture parameters, internal network topology, and database connection metadata. While authentication was required, any valid API token could access the endpoints regardless of permission scope. Mitigated by removing debug endpoints from production builds and adding explicit scope requirements in Platform API v3.2.1.

IDS-2024-004 Critical Resolved May 15, 2024

Remote Code Execution in Model Deserialization

A critical vulnerability was identified in the model loading pipeline where pickle-based deserialization of untrusted model files could lead to arbitrary code execution on the serving infrastructure. Models uploaded through the partner integration API were not subjected to the same sandboxed deserialization process as models uploaded through the primary dashboard. An attacker with partner API access could upload a specially crafted model file containing embedded Python payloads. Patched in Serving Engine v3.6.0 by enforcing SafeTensors format validation and sandboxed loading for all ingestion paths.

IDS-2024-003 Low Resolved March 1, 2024

Verbose Error Messages Expose Internal Paths

Under certain error conditions, the Governance Dashboard API returned stack traces containing internal file system paths, Python package versions, and database schema names. This information disclosure required authenticated access and only occurred when malformed requests triggered unhandled exceptions in the report generation module. While not directly exploitable, the leaked information could assist an attacker in crafting more targeted attacks. Fixed by implementing structured error responses in Governance API v1.9.3.

IDS-2024-002 High Resolved January 18, 2024

JWT Token Forgery via Weak Signing Key

The authentication service for the Partner Portal used a deterministically generated signing key derived from the deployment timestamp when no explicit key was configured. In environments where the deployment timestamp was predictable or leaked through API headers, an attacker could reconstruct the signing key and forge valid JWT tokens with arbitrary claims. This affected self-hosted deployments that had not configured a custom JWT secret. Resolved in Auth Service v2.0.0 by requiring explicit key configuration and rejecting startup when using default values.

IDS-2024-001 Medium Resolved January 5, 2024

SSRF via Webhook Configuration Endpoint

The webhook configuration API accepted arbitrary URLs without validation, allowing authenticated administrators to configure callbacks pointing to internal network addresses. An attacker with admin access could use this to probe internal services, access cloud metadata endpoints, or exfiltrate data through DNS rebinding. The vulnerability was limited to users with the webhook_admin role. Fixed in Notification Service v1.4.0 by implementing URL allowlisting and blocking RFC 1918 address ranges.

IDS-2023-004 High Resolved October 27, 2023

Insecure Direct Object Reference in Audit Logs

The audit log retrieval API used sequential integer identifiers without tenant-scoped authorization checks. An authenticated user could enumerate and retrieve audit log entries belonging to other tenants by incrementing the log entry ID parameter. Exposed data included model deployment events, user login records, and configuration changes. The vulnerability was reported through our responsible disclosure program. Resolved in Audit Service v1.2.0 by replacing sequential IDs with tenant-scoped UUIDs and adding explicit ownership validation.

IDS-2023-003 Medium Resolved August 9, 2023

Denial of Service via Malformed Model Input

The inference API did not enforce input size limits on certain tensor operations, allowing an attacker to submit specially crafted input payloads that caused excessive memory allocation on GPU workers. A single malicious request could consume all available GPU memory, causing out-of-memory errors and service disruption for co-located inference workloads. The attack required a valid API key but no elevated permissions. Mitigated in Inference Engine v1.5.2 by implementing input tensor dimension and size validation before GPU memory allocation.

IDS-2023-002 Critical Resolved June 14, 2023

Authentication Bypass in Early Access API

A logic error in the Early Access API's authentication middleware allowed requests with an empty Authorization header to bypass token validation entirely. The middleware checked for the presence of a Bearer prefix but did not validate that a token followed it. This allowed unauthenticated access to all Early Access API endpoints, including model management and data pipeline configuration. Discovered during an internal security audit prior to general availability. Patched in API Gateway v1.1.0 with strict token format validation.

IDS-2023-001 Low Resolved April 20, 2023

Cross-Site Scripting in Dashboard Search

The Governance Dashboard's search functionality reflected user input without proper sanitization in the search results page. An attacker could craft a URL containing a malicious JavaScript payload in the search query parameter that would execute in the context of an authenticated user's session when clicked. Exploitation required social engineering to convince a user to visit the crafted link. Fixed in Dashboard v1.0.3 by implementing input sanitization and Content-Security-Policy headers.

Responsible Disclosure

IntellectDesign Security is committed to working with the security research community to identify and responsibly disclose vulnerabilities in our products and services. We operate a coordinated disclosure policy with a standard 90-day timeline from initial report to public advisory.

If you believe you have discovered a security vulnerability in any of our products, please report it to [email protected]. Include a detailed description of the vulnerability, steps to reproduce, and any proof-of-concept code. We acknowledge all reports within 48 hours and aim to provide an initial assessment within 5 business days.

We do not pursue legal action against researchers who act in good faith and comply with our disclosure policy.

Subscribe to Advisories

Get notified when new security advisories are published.