A multi-stage attack on a call center's AI infrastructure chained three techniques: typosquatting on PyPI, a backdoor deployed in the API Gateway, and hijacking of an S3 bucket for data exfiltration.
The attackers compromised build servers, moved laterally into the API Gateway using forged admin JWTs, and exfiltrated more than 10 million call records within hours.
Recommended protections are zero-trust controls for ML pipelines, hardened API Gateways, locked-down cloud storage, and incident response playbooks that cover AI-specific threats.
The breach shows that AI infrastructure is an increasingly attractive target, and it argues for moving to zero-trust architectures, building security into every component, and automating audits with appropriate tooling.
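As an added illustration of the API Gateway hardening point, and not code from the incident or from any product named on this page, the Python verifier below shows the checks a gateway has to apply before it trusts a token's role claim: pin the algorithm (which rejects `alg: none` and HMAC/RSA confusion tokens), check the signature in constant time before reading any claim, then validate issuer, audience and expiry. The shared secret, the issuer and audience strings, and the `role` claim are assumptions made for this example; the tokens built in the demo section are constructed samples, not tokens from the breach.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumptions for this example (not taken from the incident write-up): the
# gateway issues HS256 tokens under one shared secret and carries the caller's
# privilege level in a "role" claim.
ALLOWED_ALGS = {"HS256"}
ADMIN_ROLE = "admin"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def mint_token(claims: dict, key: Optional[bytes], alg: str = "HS256") -> str:
    """Build a compact JWT. alg="none" (or key=None) yields an unsigned token;
    that path exists only to construct forged samples for verify_token to reject."""
    def _compact(obj: dict) -> str:
        return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    head_b64 = _compact({"alg": alg, "typ": "JWT"})
    body_b64 = _compact(claims)
    if alg == "none" or key is None:
        return f"{head_b64}.{body_b64}."
    sig = _hs256(f"{head_b64}.{body_b64}".encode("ascii"), key)
    return f"{head_b64}.{body_b64}.{_b64url_encode(sig)}"


def verify_token(token: str, key: bytes, issuer: str, audience: str,
                 now: Optional[float] = None) -> dict:
    """Validate a JWT the way a gateway should and return its claims.

    Order matters: the algorithm is pinned before the signature is checked, the
    signature is checked before any claim is read, and every failure raises
    ValueError so callers cannot use a half-validated token by accident."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(head_b64))
    # The header is attacker-controlled; honouring its "alg" is exactly what
    # makes alg=none and HMAC/RSA confusion forgeries work.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = _hs256(f"{head_b64}.{body_b64}".encode("ascii"), key)
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("missing or expired exp")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    return claims


def is_admin_request(token: str, key: bytes, issuer: str, audience: str,
                     now: Optional[float] = None) -> bool:
    """True only for a correctly signed, in-window token whose role is admin."""
    try:
        return verify_token(token, key, issuer, audience, now).get("role") == ADMIN_ROLE
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample data; none of it comes from the incident.
    key, iss, aud = b"gateway-test-secret", "https://gw.example", "call-records"
    now = 1_700_000_000
    base = {"sub": "ops", "iss": iss, "aud": aud, "exp": now + 600}
    good = mint_token({**base, "role": "admin"}, key)
    forged_none = mint_token({**base, "role": "admin"}, None, alg="none")
    wrong_key = mint_token({**base, "role": "admin"}, b"guessed-secret")
    print("legitimate admin:", is_admin_request(good, key, iss, aud, now))
    print("alg=none forgery:", is_admin_request(forged_none, key, iss, aud, now))
    print("wrong-key forgery:", is_admin_request(wrong_key, key, iss, aud, now))
```

The one design choice worth copying into a real gateway is that `ALLOWED_ALGS` is a server-side constant, never derived from the token; a verifier that switches algorithms based on the header is the usual root cause of forged admin tokens. In production the secret would come from a key-management service and be rotated, and an RS256 or ES256 deployment would pin that algorithm and verify against the public key instead.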