ByteDance's big model training attacked by intern, has been fired
On October 18, multiple group chats circulated the following message: "A major tech giant's large-scale model training was infiltrated by an intern, causing unreliable results for their model training. It is estimated that this may cause losses exceeding one million dollars." According to the source, the intern who caused this incident was affiliated with ByteDance and had been working in its commercial technology team at a university graduate school during June this year. The intern used attack code to disrupt the model training task of the team. As a result, the model's performance could not be expected and the training effect varied. Furthermore, AML team cannot determine the reason behind it. After this incident was revealed, the intern still denied it on a group chat and claimed that he left ByteDance after finishing his paper. However, it turned out that someone else got the opportunity to modify the model code using this bug. This internship intern has already been fired from ByteDance and the company informed the Anti-bribery Alliance of Sunny Cloud, as well as the school where the intern worked. But now the intern is spreading rumors and blaming others instead of himself, claiming that another person modified the code. In fact, the intern attacked the commercial technology team's model training task, which did not affect the overall loss of the company. According to a security expert, the HF (Hugging Face) bug is usually a single point of attack. This incident also exposed ByteDance’s security management problem. The company failed to do privilege separation, nor did they conduct comprehensive audit of shared codes. Normally, every big code modification should have auditing records, and no matter who made the operation, there will always be a traceable record. One can’t change the code just by doing so.
页:
[1]