When an ML engineer deploys a Stable Diffusion model to Kubernetes, they unwittingly create an attack surface unlike anything traditional security teams have encountered. I discovered this firsthand after our "perfectly secured" AI cluster was compromised.
In this no-holds-barred session, I'll demonstrate live exploits against common AI deployment patterns, showing how attackers pivot from an innocent model serving endpoint to exfiltrating proprietary models worth millions and compromising underlying infrastructure. For each vulnerability exposed, I'll share concrete defensive measures developed in the trenches of enterprise AI deployments, including custom admission controllers, GPU isolation patterns, and monitoring strategies specifically crafted for AI workloads.