Skip to content

H2O Driverless AI Token

Service Name: H2O.ai Driverless AI

Service Description: H2O Driverless AI is an automated machine learning platform that enables data scientists and analysts to build and deploy machine learning models with minimal manual intervention. It automates feature engineering, model selection, and hyperparameter tuning.

Service Address: https://www.h2o.ai/products/h2o-driverless-ai/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the server level through network security settings, but not directly at the token level.

Secret Access Scope: Grants programmatic access to H2O Driverless AI platform, allowing users to create, train, and deploy machine learning models, access datasets, and manage experiments.

Secret Revokement URL: Access can be revoked through the H2O Driverless AI admin interface or API

Secret Example: dai-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Suspicious Activity Investigation Instructions:

  • Review access logs in the H2O Driverless AI platform for unusual activity
  • Check for unexpected model training jobs or deployments
  • Monitor for unauthorized data access or downloads
  • Look for unusual API call patterns or high-volume requests
  • Verify if there are any new experiments or projects created by unauthorized users

Mitigation Instructions:

  • Log in to the H2O Driverless AI admin interface
  • Navigate to the user management section
  • Locate the compromised token and revoke it
  • Generate a new token if needed for legitimate use cases
  • Review and update access permissions for affected users
  • Consider implementing IP restrictions for API access if not already in place
  • Enable additional authentication mechanisms like two-factor authentication if

available

  • Update any applications or scripts using the old token with the new one