Andres Riancho
Andres is an application and cloud security expert with deep expertise in offensive security and Internet-scale vulnerability research. He has worked extensively as an application security consultant, founded a security consultancy firm, and led web security initiatives as Director at Rapid7, where he contributed to advancing vulnerability scanning capabilities.
Over the years, he has authored multiple open-source tools focused on web and cloud security, which have been widely adopted by the security community and featured in international security conferences.
Currently, Andres is part of the Vulnerability Research team at Wiz, specializing in cloud security and large-scale vulnerability discovery.
Session
As AI workloads migrate to the cloud, Cloud Service Providers are rapidly evolving their GPU offerings. These multi-tenant environments are often built on NVIDIA Container Toolkit, the industry-standard framework for running GPU-based containerized apps. In this talk, we will show you how a single vulnerability in this fundamental framework impacted the entire CSP ecosystem – and how each environment handled a brand-new 0-day vulnerability.
We’ll walk through our discovery of a container escape vulnerability in this foundational layer of GPU infrastructure, and its real-life implications across 3 different cloud providers: Azure, DigitalOcean, and Replicate. Each case began with a standard customer workload running our exploit – but the outcomes varied widely. One led to minor impact; another involved lateral movement that triggered blue teamers; and one resulted in complete service takeover.
Join us for a firsthand look at how major cloud providers build their environments, and at the anatomy of a container escape vulnerability in the wild. Finally, learn how to build stronger guardrails in the cloud by examining the flaws and misconfigurations we were able to exploit.