Red Specter VORTEX

Cloud AI Infrastructure Exploitation Framework — 7 subsystems. 36 techniques. 245 tests.

v1.0.0
Contents
Overview
Installation
DISCOVER — Service Discovery
CONFIG — Misconfiguration
THEFT — Model Theft
EXFIL — Data Exfiltration
PRIVESC — Privilege Escalation
PERSIST — Cloud Persistence
ANTIDOTE — Mandatory Restore
UNLEASHED Mode
CLI Reference
MITRE ATLAS Mapping
Disclaimer

Overview

VORTEX targets the cloud infrastructure that AI systems run on. Every major cloud provider offers AI/ML services — SageMaker, Vertex AI, Azure ML, Bedrock — and every deployment introduces cloud-specific attack surfaces that traditional AI security tools ignore. VORTEX finds them.

Your models live in the cloud. VORTEX owns the cloud.

Installation

$ pip install red-specter-vortex
$ vortex init
$ vortex status

DISCOVER — Service Discovery

ID      Technique               Description
DS-001  Endpoint Enumeration    Discover exposed model inference endpoints across cloud providers
DS-002  GPU Cluster Discovery   Identify GPU clusters and training infrastructure
DS-003  Registry Scanning       Scan model registries for exposed models and artifacts
DS-004  API Mapping             Map inference APIs, their authentication, and rate limits
DS-005  Provider Detection      Fingerprint cloud AI services (SageMaker, Vertex AI, Azure ML, Bedrock)

CONFIG — Misconfiguration

ID      Technique               Description
CF-001  Open Endpoints          Identify model endpoints with no authentication
CF-002  Exposed Training Data   Find training datasets in open cloud storage buckets
CF-003  Permissive IAM          Identify overly permissive IAM policies on AI resources
CF-004  Public Registries       Find model registries with public read access
CF-005  Unencrypted Channels    Identify unencrypted model serving and training channels

THEFT — Model Theft

Model extraction via cloud access. Weight exfiltration from model registries. Architecture reconstruction through API probing. Side-channel model extraction via inference timing. Complete model replication from cloud infrastructure access.

EXFIL — Data Exfiltration

Training data extraction from cloud storage. Inference data capture via logging exploitation. Model input/output interception. Data pipeline compromise. Cloud storage enumeration for sensitive AI training data.

PRIVESC — Privilege Escalation

Cloud AI privilege escalation. IAM role chaining through ML service accounts. Cross-service pivoting from AI endpoints to broader cloud access. GPU node escalation. Container breakout from model serving infrastructure.

PERSIST — Cloud Persistence

Maintain persistent access to cloud AI infrastructure. Model backdoor injection via registry access. CI/CD pipeline persistence. Scheduled training job manipulation. Container image poisoning for model serving.

ANTIDOTE — Mandatory Restore

Baseline capture before any engagement. Cloud configuration snapshot. IAM policy audit. Model registry integrity verification. Signed restoration certificate confirms clean state post-engagement.
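A static check of the kind CF-003 and the ANTIDOTE IAM policy audit describe, as an added example that is not VORTEX code: it flags Allow statements in an AWS-style IAM policy document that grant wildcard actions or wildcard resources on SageMaker/Bedrock, and notes when no Condition narrows them. The ML service prefix list and the sample policy are constructed for this example.

```python
ML_SERVICE_PREFIXES = ("sagemaker", "bedrock")  # ML services in scope (assumption)

def _as_list(value):
    # IAM accepts a string or a list for Action/Resource; normalise to a list.
    return value if isinstance(value, list) else [] if value is None else [value]

def _touches_ml(actions):
    # True if any action is the global wildcard or belongs to an ML service.
    return any(a == "*" or a.split(":")[0].lower() in ML_SERVICE_PREFIXES
               for a in actions)

def audit_policy(policy):
    """Return one finding per Allow statement that is over-permissive on ML resources."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        reasons = []
        # NotAction/NotResource grant everything except the listed items, so report them too.
        if "NotAction" in stmt or "NotResource" in stmt:
            reasons.append("negated matcher (NotAction/NotResource)")
        elif not _touches_ml(actions):
            continue
        if any(a == "*" or a.endswith(":*") for a in actions):
            reasons.append("wildcard action")
        if "*" in resources:
            reasons.append("wildcard resource")
        if reasons and not stmt.get("Condition"):
            reasons.append("no Condition")
        if reasons:
            findings.append({"statement": stmt.get("Sid", f"#{idx}"), "reasons": reasons})
    return findings

# Constructed sample policy document (not taken from any real account).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "TrainOnly", "Effect": "Allow",
     "Action": ["sagemaker:CreateTrainingJob", "sagemaker:DescribeTrainingJob"],
     "Resource": "arn:aws:sagemaker:eu-west-1:111122223333:training-job/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "sagemaker:*", "Resource": "*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": "bedrock:InvokeModel",
     "Resource": "*", "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
]}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding["statement"], "->", ", ".join(finding["reasons"]))
```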

VORTEX UNLEASHED

Standard mode detects. UNLEASHED exploits. Ed25519 crypto. Dual-gate safety. One operator.

# Scan cloud AI surfaces (detection only)
$ vortex discover --provider aws --region eu-west-1

# UNLEASHED (dry run)
$ vortex exploit --target sagemaker-endpoint --override

# UNLEASHED (live)
$ vortex campaign --provider aws --override --confirm-destroy

UNLEASHED mode is restricted to authorised operators with Ed25519 private key access. Targets must be in allowed_targets.txt. 30-minute auto-lock. Unauthorised use violates applicable law.

CLI Reference

Command             Description
vortex init         Initialise configuration and Ed25519 keys
vortex status       System status and subsystem count
vortex techniques   List all 36 cloud exploitation techniques
vortex discover     DISCOVER — enumerate cloud AI services
vortex config       CONFIG — scan for misconfigurations
vortex steal        THEFT — extract models from cloud
vortex exfil        EXFIL — exfiltrate training data
vortex escalate     PRIVESC — escalate cloud privileges
vortex persist      PERSIST — establish cloud persistence
vortex campaign     Full cloud AI exploitation campaign
vortex engagements  List all engagement sessions

MITRE ATLAS Mapping

VORTEX techniques map to MITRE ATLAS tactics including AML.T0035 (ML Model Access), AML.T0037 (Model Discovery), AML.T0024 (Exfiltration via ML Inference API), and MITRE ATT&CK cloud matrix techniques for privilege escalation and persistence.

Disclaimer

Red Specter VORTEX is for authorised security testing only. Cloud AI infrastructure exploitation can disrupt production AI services and expose sensitive data. You must have explicit written permission before testing any system. Unauthorised use may violate the Computer Misuse Act 1990 (UK), CFAA (US), or equivalent legislation.