Advanced

TorchServe Vulnerabilities: What You Should Know

Security researchers at Oligo Security identified a set of vulnerabilities in TorchServe that, when chained together, allow an attacker to achieve unauthenticated remote code execution. T...

TorchServe is an open source model-serving package built as part of the PyTorch ecosystem. PyTorch itself is a widely used machine learning (ML) framework that underpins a large share of natural language processing (NLP) applications, including many of the systems behind modern generative AI products such as large language model chat assistants. TorchServe is the component responsible for actually hosting and exposing a trained model so that it can receive inference requests over the network — in effect, it is the "runtime" that wraps a model and makes it callable as a service.

Because it is frequently embedded as a dependency rather than installed directly by name, many organizations that are technically exposed to this vulnerability chain may not immediately recognize that they are running TorchServe underneath a higher-level AI product or internal ML pipeline.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The ShellTorch Vulnerability Chain in TorchServe
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.