Critical AI Flaws Revealed in Nvidia’s Open-Source Stack Technology giant Nvidia issued a critical piece of software on Saturday to fix severe security vulnerabilities in its open-source AI inference server, Triton. The flaws, if left unpatched, would allow hackers to fully take over servers, steal sensitive data, and make malicious changes to AI model outputs. The weaknesses were discovered by cyber security firm Wiz, which classified them as “critical.” Nir Ohfeld, Wiz’s vulnerability research leader, explained the attack method as chaining bugs to use privileges and gain control. The attack starts with a small insect that causes the server to leak out a bit of secret internal data,” Ohfeld. “From there, an attacker can use a legitimate server function to gain control of a private component and ultimately obtain full server control.” Who Is at Risk? Triton is widely used for deploying and running AI models efficiently on various hardware backends. While Nvidia hasn’t disclosed its list of clients, industry giants like Microsoft, Amazon, Oracle, Siemens, and American Express have been reported to have used Triton in their pipelines. According to Nvidia’s earlier reports, more than 25,000 companies use Nvidia’s AI infrastructure, and thus the potential attack surface is quite large. The vulnerabilities are CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334. Nvidia recommended all customers upgrade as quickly as possible to Triton Inference Server version 25.07 or higher, which fixes the entire vulnerability chain. AI and Cybersecurity: A 2025 Trend The Triton disclosure is part of a broader trend in 2025, in which new technologies—specifically AI and crypto—are being attacked ever more intensively by cybercriminals. Blockchain security firm Hacken recently revealed $3.1 billion in crypto losses due to access vulnerabilities and smart contract exploits during the first half of 2025, already exceeding 2024’s all-time record. Experts are now warning that AI agents and quantum computing will introduce increasingly sophisticated forms of attack vectors, stressing how crucial it is for infrastructure to be secure as technology evolves. No Active Exploits Yet, But Risk Remains Though Wiz has experienced no in-the-wild exploitation, the company emphasizes urgency due to possible effect. “Nvidia Triton is a very popular and widely deployed platform for AI workloads,” Ohfeld added . “Allowing updates to lag behind could leave safety-critical systems needlessly vulnerable.” Nvidia referred all inquiries to its published security bulletin, which has specific patching guidance.
