Tech

Clearview AI somehow gets even sketchier, exposes its source code in security lapse

Dubai-based cybersecurity firm SpiderSilk discovered the security issue.

picture alliance/picture alliance/Getty Images

Security issues continue to hound face identification startup Clearview AI. According to TechCrunch, the Dubai-based cybersecurity firm SpiderSilk found an exposed repository that carried the firm's source code. With a bit of working around, the misconfigured server could let practically anyone enter the Clearview AI system and run apps. On top of that, the repository also contained pre-release app versions and communication tokens.

Clearview AI bites back — In comments to TechCrunch, Clearview AI's founder Hoan Ton-That claimed that the firm "experienced a constant stream of cyber intrusion attempts, and have been investing heavily in augmenting our security." He added that the company had a bug bounty program and that SpiderSilk was not a participant in that campaign, likening the security firm's approach to extortion.

As TechCrunch highlights, however, SpiderSilk states that it only chose to inform Clearview AI about the security vulnerabilities and opted out of any compensation or reward offers. If SpiderSilk chose to accept the bounty, it would likely be barred from speaking of these alarming flaws in public.

Since the report has gone live, Clearview AI's founder claims the exposed keys have either been altered or removed. He also told TechCrunch that the firm had conducted a "full forensic audit of the host to confirm no other unauthorized access occurred."

Just another reason to be wary — SpiderSilk's deep dive into Clearview AI simply augments the litany of concerns surrounding Ton-That's secretive enterprise. In the past, there have been investigative reports into Clearview AI's fraternal links with white supremacists, how Clearview AI pushed a false endorsement from the American Civil Liberties Union, and how the company continues to work closely with members of the Customs and Border Protection, Interpol, Federal Bureau of Investigation, and even some workers at the tech division in the White House. Tech giants like Apple and YouTube have also blasted Ton-That's work.

This is to say that the company is no stranger to criticism or damning evidence of security weaknesses. In February, Clearview AI's enormous client list got hacked and exposed. So, in spite of what Ton-That tells TechCrunch and the world, Clearview AI is not only ethically suspect, its very own security infrastructure is pockmarked with holes ripe for even more exploitation.