Yelp Developers’ Joke Highlights Dangers of Overprivileged Identities
Reports surfaced last week that Yelp had trained a neural net to eliminate bugs in its app – but it ended up deleting everything instead. However, WIRED’s Tom Simonite quickly pointed out that the reports were nothing more than Yelp’s developers using their artistic license to spice up the company’s latest release notes (good sleuthing, Tom!):
Tom goes on to note that this is a very plausible scenario, however, with researchers having discovered dozens of recent incidents of AI algorithms finding loopholes in their programs or hacking their environments.
Although fake, Yelp’s latest AI debacle highlights exactly why it’s so important for organizations to understand which identities—including bots, APIs and service accounts—have the privileges that can lead to these types of issues and proactively manage those privileges to reduce risk. Overprivileged identities are one of the biggest threats facing enterprises with complex, multi-cloud environments, and we will continue to see all kinds of issues until companies get better at assessing and managing unused, high-risk privileges.
“We apologize to anyone who had problems with the [Yelp] app this week. We trained a neural net to eliminate all the bugs in the app and it deleted everything. We had to roll everything back. To be fair, we were 100% bug-free … briefly.”
Whether it’s an Amazon S3 bucket, an ElasticSearch server, or another one of the thousands of resources in the cloud that can create opportunities for damage, it only takes one identity (human or bot) to cripple the infrastructure or change the privacy configuration to put sensitive data at risk.
Not sure where your organization stands? We are here to provide you with more information, answer any questions that you might have, and work with you to build an effective solution. Contact us today to learn more.