Critical Flaw in Keras API Puts TensorFlow AI Models at Risk

Dwain.B

27 May 2024

Vulnerability Allows Arbitrary Code Execution

A significant security flaw has been identified in the Keras API, impacting TensorFlow AI models. The vulnerability, CVE-2024-3660, allows the execution of unsafe code via Lambda Layers in older Keras versions. This flaw poses a serious supply chain risk, potentially enabling attackers to execute arbitrary code through malicious models. Users are urged to upgrade to Keras 2.13 or later and enable the "safe_mode" parameter to mitigate these risks.


Read more about this security threat on SC Magazine here.