New research has found issues in Hugging Faces architecture that could put models across the platform at risk
Researchers have raised concerns over vulnerabilities that could compromise AI as a Service providers operating on Hugging Face by uploading custom-made malicious models.
Analysis from Wiz showed researchers were able to run arbitrary code after uploading tampered models to Hugging Face, leveraging this within Hugging Face’s inference API feature to gain escalated control.
Attackers could have a “devastating” impact on the Hugging Face environment were they to successfully utilize these vulnerabilities, the study found, granting them access to millions of private AI models and applications.
Worryingly, Wiz doesn’t believe that these findings are in any way unique, with researchers citing this as a likely ongoing challenge for the AI as a service industry.
“We believe those findings are not unique to Hugging Face and represent challenges of tenant separation that many AI as a service companies will face,” the Wiz researchers said.
“We in the security community should partner closely with those companies to ensure safe infrastructure and guardrails are put in place without hindering this rapid (and truly incredible) growth,” they added.
