
2 posts tagged with "Cloud GPU"

Cloud GPU infrastructure and compute


GPU Rowhammer Is Real: A Single Bit Flip Drops AI Model Accuracy from 80% to 0.1%

· 13 min read
Dhayabaran V
Barrack AI

A single bit flip in GPU memory dropped an AI model's accuracy from 80% to 0.1%.

That is not a theoretical risk. It is a documented, reproducible attack called GPUHammer, demonstrated on an NVIDIA RTX A6000 by University of Toronto researchers and presented at USENIX Security 2025. The attack requires only user-level CUDA privileges and works in multi-tenant cloud GPU environments where attacker and victim share the same physical GPU.

GPUHammer is not the only GPU hardware vulnerability. LeftoverLocals (CVE-2023-4969) showed that AMD, Apple, and Qualcomm GPUs leak local memory between processes, enough for one process to reconstruct another's LLM responses. NVBleed demonstrated cross-VM data leakage through NVIDIA's NVLink interconnect on Google Cloud Platform. And at RSA Conference 2026, analysts pointed out that traditional security tooling monitors only CPU and OS activity, so GPU operations go unobserved.

If you are training or running inference on cloud GPUs, this matters. Here is the full technical breakdown.
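Why one flipped bit is enough to wreck a model comes down to float32 encoding: a flip in the mantissa nudges a weight by a hair, while a flip in the exponent's top bit turns 0.5 into roughly 1.7e38 and saturates everything downstream. The following is an added illustration, not code from the GPUHammer paper or from this post; the three-weight layer and the inputs are constructed, and the SHA-256 digest check at the end is a simplified host-side integrity check, not the paper's mitigation.

```python
"""Why a single flipped bit in a float32 weight can wreck a model.

Added illustration (not code from the GPUHammer paper or this post):
flips one bit of a float32 weight with the struct module, compares the
effect of a mantissa flip against an exponent flip, and shows a SHA-256
digest check that detects the corruption.
"""
import hashlib
import struct


def f32_to_bits(x: float) -> int:
    """Bit pattern of x rounded to an IEEE-754 single (little-endian)."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_f32(b: int) -> float:
    """Inverse of f32_to_bits."""
    return struct.unpack("<f", struct.pack("<I", b & 0xFFFFFFFF))[0]


def flip_bit(x: float, bit: int) -> float:
    """Return x with bit `bit` of its float32 encoding inverted.

    bit 0..22 = mantissa, 23..30 = exponent (30 is the exponent MSB), 31 = sign.
    """
    return bits_to_f32(f32_to_bits(x) ^ (1 << bit))


def dot(weights, inputs) -> float:
    """One neuron's pre-activation: sum(w_i * x_i)."""
    return sum(w * x for w, x in zip(weights, inputs))


def weight_digest(weights) -> str:
    """SHA-256 over the float32 byte image of the weights, as they would sit in memory."""
    return hashlib.sha256(struct.pack(f"<{len(weights)}f", *weights)).hexdigest()


def verify_weights(weights, expected_digest: str) -> bool:
    """True if the weights' byte image still matches the digest taken at load time."""
    return weight_digest(weights) == expected_digest


# Constructed sample: three weights of a tiny linear layer, all inputs 1.0.
WEIGHTS = [0.5, -0.25, 0.125]
INPUTS = [1.0, 1.0, 1.0]


def compare_flips():
    """Same layer with a mantissa-LSB flip and an exponent-MSB flip in weight 0."""
    lsb = list(WEIGHTS)
    lsb[0] = flip_bit(lsb[0], 0)    # 0.5 -> 0.50000006: harmless
    exp = list(WEIGHTS)
    exp[0] = flip_bit(exp[0], 30)   # 0.5 -> 2**127 ~ 1.7e38: output saturates
    return {
        "clean": dot(WEIGHTS, INPUTS),
        "mantissa_flip": dot(lsb, INPUTS),
        "exponent_flip": dot(exp, INPUTS),
    }


def detect_flip():
    """Digest taken on the clean weights, then re-checked after a flip."""
    digest = weight_digest(WEIGHTS)
    corrupted = list(WEIGHTS)
    corrupted[1] = flip_bit(corrupted[1], 30)
    return verify_weights(WEIGHTS, digest), verify_weights(corrupted, digest)


if __name__ == "__main__":
    for name, value in compare_flips().items():
        print(f"{name:>14}: {value:.8g}")
    print("digest ok before/after flip:", detect_flip())
```

A digest check like this only tells you after the fact that resident weights no longer match what you loaded; it does not prevent the flip, and for GPU memory it means copying the tensors back to the host to hash them. It is a cheap canary for inference servers on shared hardware, not a substitute for hardware protections such as ECC.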

Every AI App Data Breach Since January 2025: 20 Incidents, Same Root Causes

· 29 min read
Dhayabaran V
Barrack AI

Between January 2025 and February 2026, at least 20 documented security incidents exposed the personal data of tens of millions of users across AI-powered applications. Nearly every single one traces back to the same preventable root causes: misconfigured Firebase databases, missing Supabase Row Level Security, hardcoded API keys, and exposed cloud backends.

This is not a collection of isolated mistakes.

Three independent large-scale research projects (CovertLabs' Firehound scan of 198 iOS apps, Cybernews' audit of 38,630 Android AI apps, and Escape's analysis of 5,600 vibe-coded applications) converge on the same conclusion: the AI app ecosystem has a systemic, structural security crisis. The rush to ship AI wrappers, chatbots, and "vibe-coded" products has outpaced even the most basic security practices, leaving hundreds of millions of user records readable by anyone with a browser.

What follows is every documented incident, research finding, and industry statistic. Sourced, dated, and cross-referenced.
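The first root cause above, a misconfigured Firebase database, is usually a Realtime Database rules file with `.read` or `.write` set to `true` somewhere near the root. Rules cascade: a permission granted at a parent cannot be revoked at a child, so a single public rule at `/` exposes the whole tree even when deeper nodes look locked down. The following linter is an added example, not code from this post or from any of the research projects it cites; both rules documents are constructed, and the "public" test is a heuristic (literal `true`, or an expression that never references `auth`).

```python
"""Lint Firebase Realtime Database security rules for public access.

Added example (not from the page or the research it cites): walks a
database.rules.json document and reports every .read/.write rule that
grants access without an authenticated user. Because rules cascade, a
public rule at a parent is reported once and deeper public rules under
it are treated as already shadowed.
"""
import json

# Constructed sample: a rules document of the kind the breached apps shipped.
# The ".read": true at the root makes the per-user rules under users/ moot.
SAMPLE_RULES = json.loads("""
{
  "rules": {
    ".read": true,
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "chats": {
      ".write": "true"
    },
    "public_config": {
      ".read": true
    }
  }
}
""")

# Constructed corrected version: default-deny at the root, every grant tied to auth.
FIXED_RULES = json.loads("""
{
  "rules": {
    ".read": false,
    ".write": false,
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "chats": {
      "$chatId": {
        ".read": "auth != null && root.child('chats/' + $chatId + '/members/' + auth.uid).exists()",
        ".write": "auth != null && root.child('chats/' + $chatId + '/members/' + auth.uid).exists()"
      }
    }
  }
}
""")


def is_public(rule) -> bool:
    """Heuristic: literal true, or an expression that never mentions `auth`,
    can be satisfied by an unauthenticated client."""
    if rule is True:
        return True
    if isinstance(rule, str):
        expr = rule.strip()
        return expr == "true" or "auth" not in expr
    return False


def audit(rules_doc) -> list:
    """Return findings as dicts with path, perm and the offending rule,
    shallowest path first; rules shadowed by a public ancestor are skipped."""
    findings = []

    def walk(node, path, inherited):
        granted = dict(inherited)  # permissions already public via an ancestor
        for perm in ("read", "write"):
            rule = node.get(f".{perm}")
            if rule is not None and is_public(rule) and not inherited[perm]:
                findings.append({"path": path, "perm": perm, "rule": rule,
                                 "note": "cascades to every child path"})
                granted[perm] = True
        for key, child in node.items():
            if isinstance(child, dict):  # skip .read/.write/.validate/.indexOn values
                walk(child, f"{path}{key}/", granted)

    walk(rules_doc["rules"], "/", {"read": False, "write": False})
    return findings


def is_locked_down(rules_doc) -> bool:
    return not audit(rules_doc)


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f['perm']:5} {f['path']:<20} rule={f['rule']!r} ({f['note']})")
    print("fixed rules locked down:", is_locked_down(FIXED_RULES))
```

Run it against the rules file you deploy with `firebase deploy --only database` (this check does not cover Firestore, whose rules use a different language, nor Supabase, where the equivalent mistake is a table with Row Level Security disabled). The `auth != null` rules it lets through are still worth a second look: they mean any signed-in user, which for an app with open self-registration is close to public.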