New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that the Hugging Face Safetensors conversion service can be compromised, opening the door to supply chain attacks and the theft of user-submitted models.

According to research released by HiddenLayer last week, a compromised conversion service can be used to submit malicious pull requests, containing attacker-controlled data, to any repository on the platform. Any model submitted through the conversion service can also be hijacked.

The conversion service exists to turn pickle-based PyTorch checkpoints into Safetensors files, and loading a pickle built by an attacker executes the attacker's code. A booby-trapped model sent for conversion therefore runs code inside the service itself, and from there an attacker can pose as the conversion bot and request changes to any repository on the platform.
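The page does not reproduce HiddenLayer's payload, so the example below is added here and is not code from the report or from Hugging Face's service. It shows the general mechanism in plain Python, with no torch dependency: a pickle-based checkpoint (the input the conversion service ingests) carries code that runs at load time, an allowlisting unpickler refuses it, and a minimal Safetensors writer and reader show that the target format has no code-execution path at all. The marker variable name, the stand-in checkpoints and the F32-only restriction are assumptions made for the demonstration.

```python
"""Pickle checkpoints vs. Safetensors: why a conversion step is a code-execution sink.

Added example, not HiddenLayer's or Hugging Face's code. Runs offline; the "payload"
only sets an environment variable. The Safetensors layout used (8-byte little-endian
header length, JSON header, raw buffer) is the documented format, restricted to F32.
"""
import io
import json
import os
import pickle
import struct
from collections import OrderedDict

MARKER_VAR = "DEMO_PAYLOAD_RAN"  # assumed name; a real payload would do far worse


class _BoobyTrap:
    # pickle serializes an object by asking __reduce__ for (callable, args); the
    # resulting REDUCE opcode calls builtins.exec when the file is loaded. A real
    # attacker string would steal the bot's token or rewrite the converted weights.
    def __reduce__(self):
        return (exec, (f"import os; os.environ['{MARKER_VAR}'] = '1'",))


def build_malicious_checkpoint() -> bytes:
    """Stand-in for a malicious pytorch_model.bin sent for conversion (constructed)."""
    return pickle.dumps(_BoobyTrap())


def build_benign_checkpoint() -> bytes:
    """Stand-in for an ordinary state_dict: name -> values (constructed)."""
    return pickle.dumps(OrderedDict(weight=[1.0, 2.0]))


def payload_ran() -> bool:
    return os.environ.get(MARKER_VAR) == "1"


def naive_convert(blob: bytes):
    """What an unguarded conversion job does with the upload: pickle.loads on it."""
    return pickle.loads(blob)


class _RestrictedUnpickler(pickle.Unpickler):
    # Allowlist of globals the loader may resolve; exec, os.system and the rest are
    # refused before they are ever called.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def guarded_convert(blob: bytes):
    """Returns (object, None) on success or (None, reason) when the pickle is refused.
    Real torch checkpoints need torch's own rebuild helpers on the allowlist, which is
    why changing the format beats allowlisting in practice."""
    try:
        return _RestrictedUnpickler(io.BytesIO(blob)).load(), None
    except pickle.UnpicklingError as exc:
        return None, str(exc)


def write_safetensors(tensors: dict) -> bytes:
    """tensors: {name: (shape, flat list of floats)}; F32 only."""
    header, buf = {}, bytearray()
    for name, (shape, values) in tensors.items():
        start = len(buf)
        buf += struct.pack(f"<{len(values)}f", *values)
        header[name] = {"dtype": "F32", "shape": shape, "data_offsets": [start, len(buf)]}
    hdr = json.dumps(header, separators=(",", ":")).encode()
    return struct.pack("<Q", len(hdr)) + hdr + bytes(buf)


def read_safetensors(blob: bytes) -> dict:
    """Parses the header and slices the buffer. Nothing here can run attacker code:
    the only parser is json, and every offset is bounds-checked before use."""
    if len(blob) < 8:
        raise ValueError("too short for a header length")
    (n,) = struct.unpack("<Q", blob[:8])
    if 8 + n > len(blob):
        raise ValueError("header length exceeds file size")
    header = json.loads(blob[8:8 + n])
    data = blob[8 + n:]
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        if meta.get("dtype") != "F32":
            raise ValueError("only F32 is handled in this example")
        begin, end = meta["data_offsets"]
        if not (0 <= begin <= end <= len(data)) or (end - begin) % 4:
            raise ValueError(f"bad data_offsets for {name}")
        count = (end - begin) // 4
        expected = 1
        for dim in meta["shape"]:
            expected *= dim
        if expected != count:
            raise ValueError(f"shape/size mismatch for {name}")
        out[name] = (meta["shape"], list(struct.unpack(f"<{count}f", data[begin:end])))
    return out


def is_well_formed(blob: bytes) -> bool:
    try:
        read_safetensors(blob)
        return True
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    naive_convert(build_malicious_checkpoint())
    print("naive loader ran the payload:", payload_ran())
    print("guarded loader:", guarded_convert(build_malicious_checkpoint()))
    blob = write_safetensors({"weight": ([2, 2], [1.0, 2.0, 3.0, 4.0])})
    print("safetensors round-trip:", read_safetensors(blob))
```

The contrast is the point: the naive loader cannot tell a weight file from a program, the allowlisting loader only works as long as every legitimate global is enumerated, and the Safetensors reader never resolves a name at all, so a malformed file can at worst fail a bounds check.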
