Leading AI chip maker NVIDIA recently patched three security vulnerabilities in its Windows ChatRTX application, two of them high-severity.
Best known as one of the leading companies in the AI chip market, NVIDIA’s ChatRTX runs as a demo app that lets users personalize a generative pre-trained transformer (GPT) large language model (LLM) so they can query a custom chatbot to quickly get contextually relevant answers while running locally on a user’s device.
NIVIDIA said the vulnerabilities — CVE-2024-0096, CVE-2024-0097, and CVE-2024-0098 — stem from improper privilege management within the ChatRTX user interface (UI). The large chip maker said a successful exploit of the vulnerabilities might lead to information disclosure, escalation of privileges, and data tampering.
John Bambenek, president at Bambenek Consulting, said ChatRTX responded to a specific market need, namely organizations that want to use GPT LLMs on their own proprietary data without uploading it to the cloud. This required the development of a UI to make this work on the hardware level, which meant the possibility of software flaws or insecure design, such as the clear-text communication between the UI and backend, said Bambenek.
“It’s important for organizations to know if they are going to run these systems on-premises, they’ll need to patch and manage them like any other server in their environment, which means their AI systems will need patching windows and redundancies to allow for rapid maintenance for security updates,” said Bambenek.
ChatRTX runs as a “demo” application today at version 0.3, pointed out Craig Burland, chief information security officer at Inversion6. If customers want to use real data to test out ChatRTX, they should think twice and check their company's AI policy, said Burland. Demo apps — especially those featuring AI — are best used on isolated test machines with test data, said Burland.
“Patching in today's environment must evolve from time-based — orbiting Patch Tuesday like the Earth moves around the Sun — into an event-based system of ‘see it, test it, deploy it,’" said Burland. "That said, companies across the globe are still struggling to meet yesterday's best practices of asset inventories and 30-day patch cycles.”
