The Ray framework, an open-source tool for scaling AI and Python workloads, has been found to contain six vulnerabilities that allow attackers to hijack devices and steal sensitive data. Cybersecurity researchers from Oligo disclosed the flaws, which were exploited by the 'ShadowRay' hacking campaign targeting various industry verticals. Anyscale, Ray's developer, fixed four of the vulnerabilities but disputes the critical remote code execution (RCE) flaw, arguing that it stems from a design decision. Oligo, however, reports active exploitation in the wild and warns of potential breaches. The researchers observed 'hundreds' of publicly exposed Ray servers compromised via this vulnerability, leading to data theft and unauthorized cryptocurrency mining. Anyscale intends to add authentication in a future version, although it contends that the RCE flaw is exploitable only in non-compliant deployments.