
Tongyi Lab Vendor Cyber Rating & Cyber Score

alibaba.com

Tongyi Lab is the AI research lab under Alibaba Group. The lab is dedicated to advancing the research and innovation of AI models across various domains. Our work spans key areas of AI technology such as Large Language Models (LLMs), multimodal understanding and generation, visual AIGC, speech technologies, and beyond. The Tongyi model family is now one of the world’s largest open-source model series by scale and linguistic coverage, featuring the large language model (LLM) series Qwen, the visual-generation model series Wan, the enterprise-grade audio foundation model series Fun, and many more exciting developments on the horizon. We are committed to translating cutting-edge research into real-world industrial applications. Led by the


Tongyi Lab A.I CyberSecurity Scoring

Tongyi Lab
Company Information
Website: https://careers-tongyi.alibaba.com/?lang=zh
Employees number: 22
Number of followers: 821
NAICS: 5417
Industry Type: Research Services
Homepage: alibaba.com
Tongyi Lab Risk Score (AI oriented)
Between 700 and 749
Tongyi Lab, Research Services
Updated: 13/03/2026
748/1000, Moderate (Ba)
Rating scale: Aaa, Aa, A, Baa, Ba, B, Caa, Ca, C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Tongyi Lab Global Score (TPRM)
Score locked

Tongyi Lab
Current Score: 748, Ba (MODERATE)
Scale: 0 to 1000
1 incident
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 749 (Before Incident)
JUNE 2026: 749 (Before Incident)
MAY 2026: 749 (Before Incident)
APRIL 2026: 749 (Before Incident)
MARCH 2026: 750 (Before Incident)
Vulnerability
04 Mar 2026, Tongyi Lab
ModelScope: MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control

Critical RCE Vulnerability in MS-Agent AI Framework Exposes Systems to Full Compromise

748 (After Incident)
CRITICAL (-2)
ALI1772620145
A severe security flaw (CVE-2026-2256) has been identified in ModelScope’s MS-Agent framework, a lightweight tool enabling AI agents to execute autonomous system commands. The vulnerability, rated 9.8 (CVSS v3.1), allows attackers to perform remote code execution (RCE) by exploiting inadequate input sanitization in the framework’s "Shell tool."

The flaw stems from prompt injection attacks, where malicious commands embedded in seemingly benign input such as documents or code are passed unsanitized to the OS. While MS-Agent employs a basic `check_safe()` denylist to block dangerous commands, researchers found it can be bypassed through command obfuscation or alternative syntax, rendering the defense ineffective.

Successful exploitation grants attackers arbitrary command execution with the same privileges as the MS-Agent process, enabling:
- Data exfiltration of sensitive files accessible to the AI.
- Modification or deletion of critical system files.
- Persistence mechanisms, including backdoor installation.
- Lateral movement across enterprise networks.

As of the CERT/CC disclosure, the vendor has not released a patch or official response. Organizations using MS-Agent are urged to mitigate risks by sandboxing the agent, enforcing least-privilege access, validating all ingested content, and replacing denylists with strict allowlists to restrict permitted commands. The incident underscores the escalating security risks of AI agents with unchecked OS access.
INCIDENT DETAILS -
TYPE
Remote Code Execution (RCE)
IMPACT
Data Compromised: Sensitive files accessible to the AI
Systems Affected: Systems running MS-Agent framework
Operational Impact: Modification or deletion of critical system files, lateral movement across networks
DATA BREACH
Type Of Data Compromised: Sensitive files accessible to the AI
Data Exfiltration: Yes
FEBRUARY 2026: 750 (Before Incident)
JANUARY 2026: 750 (Before Incident)
DECEMBER 2025: 750 (Before Incident)
NOVEMBER 2025: 750 (Before Incident)
OCTOBER 2025: 750 (Before Incident)
SEPTEMBER 2025: 750 (Before Incident)
AUGUST 2025: 750 (Before Incident)
