Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection

2026-05-19

AI Summary
This study addresses the growing concern of vulnerability variants in AI infrastructure caused by code reuse, whose prevalence and detectability remain poorly understood. The work presents the first systematic evidence of widespread cross-repository vulnerability variants and introduces a reference-driven, semantic-level detection approach. By leveraging a multi-agent framework to extract semantic features from known vulnerabilities and integrating static analysis, the method automatically identifies and validates variant vulnerabilities in new codebases. Evaluated across 20 prominent AI infrastructure projects, the approach uncovered over 20 previously unknown vulnerabilities, 11 of which were confirmed by developers and 4 assigned CVE identifiers.
๐Ÿ“ Abstract
AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalence and detectability of these variants remain poorly understood. This paper presents a measurement study of vulnerability variants in AI infra. Analyzing 688 GitHub repositories and 251 publicly disclosed vulnerabilities, we find that AI infra projects frequently share overlapping functionality and recurrent vulnerable patterns, creating a concrete basis for cross-repository variants. Building on this finding, we study how to automatically identify such variants from known disclosures. We propose INFRASCOPE, a reference-driven multi-agent framework that extracts transferable vulnerability semantics from known cases and uses them to locate and validate variants in new repositories. Evaluating INFRASCOPE on 20 real-world AI infra repositories, we uncover over 20 vulnerabilities, including 11 acknowledged cases and 4 cases that have been assigned CVEs so far.
Problem

Research questions and friction points this paper is trying to address.

vulnerability variants
AI infra
cross-repository
security measurement
recurrent vulnerabilities
Innovation

Methods, ideas, or system contributions that make the work stand out.

vulnerability variants
AI infrastructure
reference-driven detection
multi-agent framework
transferable vulnerability semantics
Authors

Tian Dong, Shanghai Jiao Tong University (Computer Security, Machine Learning)
Yanjun Chen, University of Illinois Urbana-Champaign (Human Computer Interaction, Haptics)
Shoufeng Zhang, The University of Hong Kong
Huaien Zhang, The University of Hong Kong
Yunlong Lyu, The University of Hong Kong
Keke Lian, Tencent
Dong Zhang, Tencent
Shaofeng Li, Southeast University (AI Security, Backdoor Attacks)
Hao Chen, The University of Hong Kong