Dark Reading

ML Model Repositories: The Next Big Supply Chain Attack Target

Repositories for machine learning models like Hugging Face give threat actors the same opportunities to sneak malicious code into development environments as open source public repositories like npm ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
Business Wire

Hugging Face and Protect AI Partner to Support Safe and Secure Usage of World’s Largest Repository of Open Source Machine Learning Models

SEATTLE & BROOKLYN, N.Y.--(BUSINESS WIRE)--Protect AI, the leading Artificial Intelligence (AI) and Machine Learning (ML) security company, and Hugging Face, the world's fastest growing community and ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...