SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    HuggingFace AI Exposing Multiple Backdoors to Users Machines
Date    Saturday March 02, @07:16PM
Author    janrinok
Topic   
from the no-sec-in-ai dept.
https://soylentnews.org/article.pl?sid=24/03/01/0748239

bmimatt writes:

https://www.bleepingcomputer.com/news/security/malicious-ai-models-on-hugging-face-backdoor-users-machines/

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.

Hugging Face is a tech firm engaged in artificial intelligence (AI), natural language processing (NLP), and machine learning (ML), providing a platform where communities can collaborate and share models, datasets, and complete applications.

JFrog's security team found that roughly a hundred models hosted on the platform feature malicious functionality, posing a significant risk of data breaches and espionage attacks.

This happens despite Hugging Face's security measures, including malware, pickle, and secrets scanning, and scrutinizing the models' functionality to discover behaviors like unsafe deserialization.

[...] The analysts deployed a HoneyPot to attract and analyze the activity to determine the operators' real intentions but were unable to capture any commands during the period of the established connectivity (in one day).


Original Submission

Links

  1. "bmimatt" - https://soylentnews.org/~bmimatt/
  2. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=62210

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, HuggingFace AI Exposing Multiple Backdoors to Users Machines on 2024-04-23 04:10:39