Tag: Hugging Face Vulnerability

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
News

Security researchers have shown that the Hugging Face Safetensors conversion service could be compromised, opening the door to supply chain attacks and the theft of user-submitted models. According to research published by HiddenLayer last week, an attacker could use the service to submit malicious pull requests containing attacker-controlled data to any repository on the platform, and could hijack any model submitted through the conversion service. In other words, a malicious model submitted for conversion can take over the service itself, after which the attacker can push changes to any repository on the platform while posing as the conversion bot.
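The attack described above abuses trust in the conversion pipeline rather than a weakness in the Safetensors format itself, so anyone consuming a converted checkpoint should verify the artifact they received instead of trusting a pull request because it came from the conversion bot. The following is an added example, not code from HiddenLayer, Hugging Face or the original article: it parses and bounds-checks a safetensors file's header without interpreting any tensor bytes, so nothing in it can execute code embedded in a model. The container layout it follows (8-byte little-endian header length, JSON header, then the raw tensor buffer) is the published format; the 100 MB header cap is an assumption, and the sample checkpoints are constructed inline.

```python
import json
import math
import struct
from typing import Callable, Optional

# Byte width of each dtype string the safetensors header may use.
DTYPE_SIZE = {
    "BOOL": 1, "U8": 1, "I8": 1, "F8_E4M3": 1, "F8_E5M2": 1,
    "I16": 2, "U16": 2, "F16": 2, "BF16": 2,
    "I32": 4, "U32": 4, "F32": 4,
    "I64": 8, "U64": 8, "F64": 8,
}
MAX_HEADER_BYTES = 100 * 1024 * 1024  # assumed sanity cap on the JSON header


class SafetensorsError(ValueError):
    """Raised when a file does not satisfy the safetensors layout rules."""


def build_safetensors(tensors: dict, metadata: Optional[dict] = None) -> bytes:
    """Serialize {name: (dtype, shape, raw_bytes)} as: u64 LE header length, JSON header, buffer."""
    header, buf = {}, bytearray()
    if metadata:
        header["__metadata__"] = metadata
    for name, (dtype, shape, raw) in tensors.items():
        start = len(buf)
        buf += raw
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [start, len(buf)]}
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + bytes(buf)


def validate_safetensors(blob: bytes) -> dict:
    """Check every tensor's dtype, shape and offsets against the buffer without reading
    tensor data. Returns {name: (dtype, shape)}; raises SafetensorsError on inconsistency."""
    if len(blob) < 8:
        raise SafetensorsError("file shorter than the 8-byte header length field")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > MAX_HEADER_BYTES:
        raise SafetensorsError(f"header length {n} exceeds cap")
    if 8 + n > len(blob):
        raise SafetensorsError("header length runs past end of file")
    try:
        header = json.loads(blob[8:8 + n].decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise SafetensorsError(f"header is not valid JSON: {exc}") from exc
    if not isinstance(header, dict):
        raise SafetensorsError("header must be a JSON object")

    buf_len = len(blob) - 8 - n
    spans, tensors = [], {}
    for name, info in header.items():
        if name == "__metadata__":  # free-form, but must be a str -> str map
            if not (isinstance(info, dict) and all(
                    isinstance(k, str) and isinstance(v, str) for k, v in info.items())):
                raise SafetensorsError("__metadata__ must map strings to strings")
            continue
        if not isinstance(info, dict):
            raise SafetensorsError(f"{name}: entry must be an object")
        dtype, shape, offs = info.get("dtype"), info.get("shape"), info.get("data_offsets")
        if dtype not in DTYPE_SIZE:
            raise SafetensorsError(f"{name}: unknown dtype {dtype!r}")
        if not (isinstance(shape, list) and all(isinstance(d, int) and d >= 0 for d in shape)):
            raise SafetensorsError(f"{name}: shape must be a list of non-negative ints")
        if not (isinstance(offs, list) and len(offs) == 2 and all(isinstance(o, int) for o in offs)):
            raise SafetensorsError(f"{name}: data_offsets must be [start, end]")
        start, end = offs
        if not 0 <= start <= end <= buf_len:
            raise SafetensorsError(f"{name}: data_offsets {offs} fall outside the buffer")
        expected = math.prod(shape) * DTYPE_SIZE[dtype]  # prod([]) == 1 handles scalars
        if end - start != expected:
            raise SafetensorsError(f"{name}: {end - start} bytes declared, shape needs {expected}")
        spans.append((start, end, name))
        tensors[name] = (dtype, tuple(shape))

    # Tensors must tile the buffer exactly: no gaps, no overlaps, no trailing bytes.
    cursor = 0
    for start, end, name in sorted(spans):
        if start != cursor:
            raise SafetensorsError(f"{name}: gap or overlap at offset {start} (expected {cursor})")
        cursor = end
    if cursor != buf_len:
        raise SafetensorsError(f"{buf_len - cursor} trailing bytes not owned by any tensor")
    return tensors


def check_file(blob: bytes) -> Optional[str]:
    """None when the file validates, otherwise the reason it was rejected."""
    try:
        validate_safetensors(blob)
        return None
    except SafetensorsError as exc:
        return str(exc)


def rewrite_header(blob: bytes, mutate: Callable[[dict], None]) -> bytes:
    """Copy of blob whose JSON header was edited in place by mutate(); buffer untouched."""
    (n,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + n])
    mutate(header)
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + blob[8 + n:]


# Constructed sample: a tiny two-tensor checkpoint (zero-filled, not a real model).
VALID_BLOB = build_safetensors(
    {"weight": ("F32", [2, 2], bytes(16)), "bias": ("F16", [2], bytes(4))},
    metadata={"format": "pt"},
)
# Tampered copies of the kind a hijacked conversion step could emit.
OVERLAP_BLOB = rewrite_header(VALID_BLOB, lambda h: h["bias"].update(data_offsets=[12, 16]))
OVERSIZED_HEADER_BLOB = struct.pack("<Q", 1 << 40) + VALID_BLOB[8:]
```

Validating the header only rules out malformed or out-of-bounds tensor descriptors; it does not prove the weights are the ones the repository owner intended. Whether a pull request from the conversion bot was actually requested has to be confirmed out of band, since the research above shows the bot's identity itself can be borrowed.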