Shared network vulnerability disclosure

Replicate encountered a security vulnerability in January 2024, disclosed by cloud security company Wiz, which revealed that its infrastructure could allow a malicious model to access sensitive data due to shared network namespaces and unencrypted internal communications. The company responded promptly, deploying a full mitigation within 24 hours by encrypting all internal traffic and removing certain network privileges from model containers to prevent unauthorized access. Despite the potential risk, there was no evidence that the vulnerability was exploited. Replicate continues to enhance its security measures and collaborates with partners like Wiz to ensure the platform remains secure and trustworthy for its users, underscoring its commitment to maintaining user trust through vigilant security practices.