SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsAI is the latest craze that makes the world go round, and to satisfy the demand we are witnessing a desperate gold rush of compute. This has transformed data centers from boring server farms into the critical infrastructure of the modern era, diverting supply chains and packing as much compute to feed the LLM machine. But while companies only care about kilowatt-hours and compute “horse power”, we asked the better question - could hackers cause everything to melt down? In order to keep the AI agents running, a huge amount of power is needed, which obviously generates a lot of heat. So the two issues each data center needs to overcome is keeping all the servers running, and to dissipate the heat generated from it. These two points are exactly what we focused on in our research - can we cause blackouts and shutdown servers inside the data center, and could we attack the cooling ecosystem and cause everything to heat up and malfunction. In this talk we will showcase our research into two types of devices heavily used in data center environments. First, we will showcase our research into the network card of a popular uninterruptible power supply (UPS), how we were able to research and analyze the card without requiring the power supply itself (which cost thousands of dollars and takes a whole room) or a public datasheet, using pin analysis and “hotwiring” it to boot. Next, we will showcase a vulnerability chain we discovered on the device allowing attackers to take control over the entire UPS system and shut down servers remotely - causing disruptions. Finally, we will showcase vulnerabilities we discovered in a popular cooling system controller which orchestrates the entire cooling ecosystem, from chillers and compressors to HVACs. By attacking this controller it is possible to take down the entire system and cause proper meltdowns to the entire data center.


Amir Zaltzman is a vulnerability researcher at Claroty Team82 and holds a M.Sc. and B.Sc. in Electrical Engineering from Tel Aviv University.
Read more about Amir Zaltzman





