AI/ML, Threat Intelligence, Supply chain

Hugging Face compromised with malicious AI models

February 10, 2025

(Adobe Stock)

Widely used machine learning and data science platform Hugging Face has been covertly infiltrated with at least two artificial intelligence models containing malicious code through the new nullifAI attack technique that involves the exploitation of Pickle files leveraged for ML model data serialization and deserialization, Cybernews reports.

Both malicious packages resembling proof-of-concept models — which have already been deactivated by Hugging Face — were not identified by Hugging Face's Picklescan security tool due to differences in compression format with PyTorch, as well as a security issue that prevented the proper scanning of Pickle files that could facilitate compromise, according to a report from ReversingLabs. "Threats lurking in Pickle files are not new. In fact, there are warnings popping out all over the documentation and there has been a lot of research on this topic," said researchers, who noted the existence of several other yet-to-be-identified security evasion measures involving the exploitation of Pickle files.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Learn More

SC Staff

person typing on a touch screen schedule plan calendar.

AI/ML

AI agents: The next step in the artificial intelligence revolution?

Stephen WeigandFebruary 11, 2025

They’re task-oriented and designed to carry them out without human input. The AI agents are coming.

Engineer using DeepSeek R1 model chat to solve a reasoning problem

AI/ML

DeepSeek prohibited in New York government devices

SC StaffFebruary 11, 2025

Increasing concerns regarding the potential utilization of Chinese artificial intelligence platform DeepSeek for foreign government surveillance have prompted New York Gov. Kathy Hochul to ban the AI chatbot's usage across all state-issued devices just days after Texas Gov. Greg Abbott issued a similar prohibition for DeepSeek and Chinese-owned social media apps.

Computer screen showing red ransomware warning message in home o

Attack surface management

Seed funding secures $3.2M for ThreatMate

SC StaffFebruary 10, 2025

Aside from integrating analytics and continuous monitoring to improve MSP management of customers' accounts, ThreatMate's solution has been touted to enable automated penetration testing, cybersecurity audits, risk scoring, asset discovery, and dark web tracking to facilitate less complex and costly security, compared with typical enterprise security platforms.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news