This incident comes as Hugging Face, one of the largest platforms for collaborative AI and data science projects, faces increasing scrutiny over its security practices. Earlier this year, vulnerabilities were discovered that allowed attackers to execute arbitrary code and install malware on end-user machines. The company has pledged to strengthen its security infrastructure and is working with cloud security firm Wiz to improve security across its platform.
Key takeaways:
- Hugging Face, an AI startup, detected unauthorized access to its platform, Spaces, which is used for creating, sharing, and hosting AI models and resources.
- The intrusion is suspected to have allowed a third party to access private information, known as Spaces secrets, which act as keys to unlock protected resources. As a precaution, Hugging Face has revoked a number of tokens in those secrets.
- Hugging Face is working with outside cybersecurity forensic specialists to investigate the issue and has reported the incident to law enforcement agencies and data protection authorities.
- This incident comes as Hugging Face faces increasing scrutiny over its security practices, with vulnerabilities and potential malware installation previously identified by security firms Wiz, JFrog, and HiddenLayer.