Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

May 25, 2024 at 06:18AM A critical security flaw in AI-as-a-service provider Replicate allowed unauthorized access to proprietary AI models and sensitive information due to a vulnerability in its containerization process. The flaw was responsibly disclosed and addressed, and there is no evidence of exploitation. However, it highlights the potential risks of malicious models in …

Critical Bugs Put Hugging Face AI Platform in a ‘Pickle’

April 5, 2024 at 04:51PM Two critical security vulnerabilities in the Hugging Face AI platform allowed attackers to access customer data and overwrite images in a shared container registry. Researchers at Wiz found weaknesses in Hugging Face’s Inference API, Endpoints, and Spaces. The vulnerabilities were exploited by uploading a Pickle-based model. Hugging Face has since …

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

April 5, 2024 at 10:39AM New research has revealed that AI-as-a-service providers, like Hugging Face, are vulnerable to threats allowing attackers to gain access to private AI models and apps. The findings highlight the risk of supply chain attacks on machine learning pipelines. Recommendations include using trusted AI models, enabling multi-factor authentication, and avoiding pickle …