CyberSecurity news

FlagThis - #nvidia

@blogs.nvidia.com //
Nvidia is currently facing pressure from the U.S. government regarding AI GPU export rules. CEO Jensen Huang has been advocating for the Trump administration to relax these restrictions, arguing they hinder American companies' ability to compete in the global market. Huang stated at the Hill and Valley Forum that China is not far behind the U.S. in AI capabilities, emphasizing the need to accelerate the diffusion of American AI technology worldwide. He also acknowledged Huawei's progress in computing, networking, and software, noting their development of the CloudMatrix 384 system. This system, powered by Ascend 910C accelerators, is considered competitive with Nvidia's GB200 NVL72, signaling the emergence of domestic alternatives in China.

Despite Nvidia's pleas, the Trump administration is considering tighter controls on AI GPU exports. The administration plans to use chip access as leverage in trade negotiations with other nations. This approach contrasts with Nvidia's view that restricting exports will only fuel the development of competing hardware and software in countries like China. According to the AI Diffusion framework, access to advanced AI chips like Nvidia’s H100 is only unrestricted for companies based in the U.S. and "Tier 1" nations, while those in "Tier 2" nations face annual limits and "Tier 3" countries are effectively barred.

Adding to the complexity, Nvidia is also engaged in a public dispute with AI startup Anthropic over the export restrictions. Anthropic has endorsed the Biden-era "AI Diffusion Rule" and has claimed there has been chip smuggling to China. An Nvidia spokesperson dismissed Anthropic's claims about chip smuggling tactics as "tall tales," arguing that American firms should focus on innovation instead of trying to manipulate policy for competitive advantage. As the May 15th export controls deadline approaches, the tensions continue to rise within the AI industry over the balance between national security, economic prosperity, and global competitiveness.



References :
  • AIwire: Huawei Challenges Nvidia’s AI Dominance with New Chip
  • R. Scott Raynovich: Huawei Moves Ratchet Up Nvidia’s Stakes In The AI Trade War
  • www.tomshardware.com: Nvidia asks US government to ease AI GPU export rules, but Trump administration plans tighter controls
  • blogs.nvidia.com: NVIDIA Experts Share Top 5 Tips for Standing Out in the AI Job Market
  • www.tomshardware.com: Nvidia's CEO says China is not far behind the U.S. in AI capabilities
  • NVIDIA Newsroom: NVIDIA Experts Share Top 5 Tips for Standing Out in the AI Job Market
  • Maginative: Nvidia and Anthropic have expressed conflicting views on the U.S. government's AI chip export controls, with Anthropic advocating for stricter rules to limit China's access to advanced GPUs.
  • The Register - Software: Anthropic calls for tougher GPU export controls as Nvidia's CEO implores Trump to spread the AI love
Classification:
  • HashTags: #Nvidia #AIhardware #ChinaAI
  • Company: Nvidia
  • Target: US Industry, China
  • Product: AI GPU
  • Feature: AI Hardware
  • Malware: CloudMatrix 384
  • Type: AI
  • Severity: Informative
@cyberpress.org //
NVIDIA has issued a critical security update for its TensorRT-LLM framework to address a high-severity vulnerability, identified as CVE-2025-23254. This flaw poses significant risks, potentially leading to remote code execution, data tampering, and information disclosure. All platforms and versions of TensorRT-LLM prior to 0.18.2 are affected, making this update essential for users to safeguard their systems against potential attacks. The vulnerability resides in the Python executor component of TensorRT-LLM and stems from insecure handling of Inter-Process Communication (IPC).

The specific weakness is the use of Python's pickle module for serialization and deserialization in the socket-based IPC system. Unpickling can invoke arbitrary callables, so data read from the socket must be trusted before it is deserialized. An attacker with local access to the TRTLLM server could exploit this to inject malicious code, gain unauthorized access to sensitive data, or manipulate existing data. NVIDIA has assigned a CVSS base score of 8.8 to this vulnerability, classifying it as high severity, with the underlying technical risk categorized as "Deserialization of Untrusted Data" (CWE-502). Avi Lumelsky of Oligo Security is credited with responsibly reporting the vulnerability.

To mitigate this threat, NVIDIA has enabled HMAC (Hash-Based Message Authentication Code) protection by default for all socket-based IPC operations in both the main and release branches of TensorRT-LLM. Although the feature is described as encryption, an HMAC authenticates messages rather than concealing them: it ensures the integrity and authenticity of serialized data exchanged between processes, which prevents unauthorized code execution. NVIDIA strongly advises users not to disable this feature, as doing so would reintroduce the vulnerability and leave systems exposed to potential attacks. Users are urged to immediately update to TensorRT-LLM version 0.18.2 or later to fully address the identified risks.
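The verify-before-deserialize pattern described above, as an added example that is not NVIDIA's or TensorRT-LLM's code: a receiver checks an HMAC-SHA256 tag over each pickled IPC frame and only then calls `pickle.loads`. The frame layout, the names `seal`, `open_frame` and `AuthError`, and the way the two processes come to share the key are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import pickle
import struct

HEADER = struct.Struct("!I")            # 4-byte big-endian body length
TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag, 32 bytes


class AuthError(Exception):
    """Frame rejected before any byte of its body reached pickle."""


def seal(key: bytes, obj) -> bytes:
    """Sender side: frame = length || HMAC(key, length || body) || body."""
    body = pickle.dumps(obj)
    header = HEADER.pack(len(body))
    return header + hmac.new(key, header + body, hashlib.sha256).digest() + body


def open_frame(key: bytes, frame: bytes):
    """Receiver side: authenticate first, deserialize only on success."""
    if len(frame) < HEADER.size + TAG_LEN:
        raise AuthError("truncated frame")
    header = frame[:HEADER.size]
    tag = frame[HEADER.size:HEADER.size + TAG_LEN]
    body = frame[HEADER.size + TAG_LEN:]
    (length,) = HEADER.unpack(header)
    if length != len(body):
        raise AuthError("bad length")
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise AuthError("bad HMAC tag")
    return pickle.loads(body)  # reached only for frames sealed with the key


def demo():
    # Constructed messages: one genuine, one altered in transit, one keyless.
    key = os.urandom(32)  # per-session secret; how the peers share it is assumed
    good = seal(key, {"op": "generate", "req_id": 7})
    altered = good[:-1] + bytes([good[-1] ^ 0x01])
    keyless = seal(os.urandom(32), {"op": "generate", "req_id": 8})
    results = []
    for frame in (good, altered, keyless):
        try:
            results.append(open_frame(key, frame))
        except AuthError as exc:
            results.append(str(exc))
    return results
```

Skipping the tag check puts the receiver back in the position the advisory describes, where whatever arrives on the socket goes straight to the deserializer.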



References :
  • Cyber Security News: NVIDIA has released a crucial security update for its TensorRT-LLM Framework, addressing a high-severity vulnerability that could expose users to significant risks, including remote code execution, data tampering, and information disclosure. The vulnerability, tracked as CVE-2025-23254, affects all platforms and all versions of TensorRT-LLM before 0.18.2. Vulnerability Details The flaw resides in the Python executor
  • securityonline.info: NVIDIA has released a security update for its TensorRT-LLM Framework, addressing a high-severity vulnerability that could expose users
  • gbhackers.com: NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vulnerability The vulnerability, identified as CVE-2025-23254, affects all versions of the NVIDIA TensorRT-LLM framework before 0.18.2 across
Classification:
  • HashTags: #NVIDIA #TensorRT #Vulnerability
  • Company: NVIDIA
  • Target: NVIDIA TensorRT-LLM Users
  • Attacker: APT Group
  • Product: TensorRT-LLM
  • Feature: TensorRT-LLM
  • Malware: CVE-2025-23254
  • Type: Vulnerability
  • Severity: Major
@blogs.nvidia.com //
Oracle Cloud Infrastructure (OCI) is now deploying thousands of NVIDIA Blackwell GPUs to power agentic AI and reasoning models. OCI has stood up and optimized its first wave of liquid-cooled NVIDIA GB200 NVL72 racks in its data centers, enabling customers to develop and run next-generation AI agents. The NVIDIA GB200 NVL72 platform is a rack-scale system combining 36 NVIDIA Grace CPUs and 72 NVIDIA Blackwell GPUs, delivering performance and energy efficiency for agentic AI powered by advanced AI reasoning models. Oracle aims to build one of the world's largest Blackwell clusters, with OCI Superclusters scaling beyond 100,000 NVIDIA Blackwell GPUs to meet the growing demand for accelerated computing.

This deployment includes high-speed NVIDIA Quantum-2 InfiniBand and NVIDIA Spectrum-X Ethernet networking for scalable, low-latency performance, along with software and database integrations from NVIDIA and OCI. OCI is among the first to deploy NVIDIA GB200 NVL72 systems, and this deployment marks a transformation of cloud data centers into AI factories. These AI factories are designed to manufacture intelligence at scale, leveraging the NVIDIA GB200 NVL72 platform. OCI offers flexible deployment options to bring Blackwell to customers across public, government, and sovereign clouds, as well as customer-owned data centers.

These new racks are the first systems available from NVIDIA DGX Cloud, an optimized platform with software, services, and technical support for developing and deploying AI workloads on clouds. NVIDIA will utilize these racks for various projects, including training reasoning models, autonomous vehicle development, accelerating chip design and manufacturing, and developing AI tools. In related cybersecurity news, Cisco Foundation AI has released its first open-source security model, Llama-3.1-FoundationAI-SecurityLLM-base-8B, designed to improve response time, expand capacity, and proactively reduce risk in security operations.



References :
  • NVIDIA Newsroom: Oracle has stood up and optimized its first wave of liquid-cooled NVIDIA GB200 NVL72 racks in its data centers.
  • Security @ Cisco Blogs: Foundation AI's first release — Llama-3.1-FoundationAI-SecurityLLM-base-8B — is designed to improve response time, expand capacity, and proactively reduce risk.
  • insidehpc.com: Nvidia said Oracle has stood up its first wave of liquid-cooled NVIDIA GB200 NVL72 racks in its data centers.
  • www.networkworld.com: Palo Alto Networks unpacks security platform to protect AI resources
Classification:
  • HashTags: #AISecurity #Cybersecurity #NVIDIAGPU
  • Company: Nvidia
  • Target: AI Factories, Reasoning Models
  • Product: Blackwell GPU
  • Feature: AI Model Security
  • Type: AI
  • Severity: Medium