Securing AI/ML Workloads in the Cloud: Integrating DevSecOps with MLOps

The security engineer’s face went pale when she pulled up the access logs. Her team had deployed a fraud detection model to production three weeks earlier — standard stuff, containerized inference running on Kubernetes. Except someone had been quietly exfiltrating the model weights for the past eleven days through an API endpoint they’d forgotten to lock down. The attacker got everything: training architecture, parameter files, even the feature engineering pipeline. Six months of competitive advantage, gone.

This happened at a Series C fintech in San Francisco last April. I know because I helped them write the incident report.

This article has been indexed from DZone Security Zone