S0114Critical

AI 推論端點 SSRF 攻擊

Operation & Monitoring

Risk Description

Attackers exploit Server-Side Request Forgery (SSRF) vulnerabilities in AI inference endpoints through crafted inputs, causing AI services to send malicious requests to internal networks. Since AI services typically require access to internal model storage, vector databases, and microservices, they have elevated network privileges. SSRF attacks allow attackers to access protected internal resources using AI services as a pivot.

Framework Mappings

iso 23894R2
owasp llmLLM06
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 網路分段
  • 請求過濾白名單

Implementation Steps English translation pending

  1. 對 AI 推論服務實施嚴格的網路分段,限制可存取的內部資源
  2. 建立外部請求白名單,禁止 AI 服務向未授權地址發送請求
  3. 對所有來自 AI 服務的內部請求進行日誌記錄和異常偵測
  4. 定期進行 SSRF 漏洞滲透測試