
Malicious ML models discovered on Hugging Face platform

· Published 07/02/2025 00:08 · Modified 07/02/2025 08:21


Essential information

Published
07/02/2025 00:08
Modified
07/02/2025 08:21
Tags
2025-02-07 ai security hugging face machine learning nullifai pickle serialization picklescan pytorch reverse shell
Related entities
5 techniques (mitre), 1 malware, 1 others

Description

RL researchers have identified a novel attack technique, called nullifAI, on the Hugging Face platform, which abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code, bypassing Hugging Face's security scanning mechanisms. The attack exploits a vulnerability in the Picklescan tool, which fails to detect dangerous functions in broken Pickle files. This poses a significant risk to developers using the platform. The researchers created proof-of-concept samples to demonstrate the flaw and reported their findings to Hugging Face, who promptly removed the malicious models and updated their security tools.
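As an added illustration (not code from the RL report, Picklescan or this page): a minimal static scanner in Python that walks a pickle's opcode stream with `pickletools` instead of loading it, and keeps what it has already found when the stream turns out to be broken, which is the detection gap the description refers to. The blocklist and the three byte strings below are constructed for this example.

```python
import io
import pickle
import pickletools

# Import targets that have no business in a model file. This is an assumed,
# deliberately short blocklist for the example, not Picklescan's own list.
DANGEROUS_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("subprocess", "Popen"),
    ("builtins", "eval"), ("builtins", "exec"), ("socket", "socket"),
}

def scan_pickle(data: bytes) -> dict:
    """Statically walk the opcode stream (never pickle.loads it) and report
    dangerous imports. Findings are kept even when the stream is broken:
    a scanner that discards its result on the first parse error misses an
    import that sits before the break, which is what a broken malicious
    pickle relies on (the unpickler executes up to the break as well)."""
    findings, strings, broken = [], [], None
    try:
        for op, arg, pos in pickletools.genops(io.BytesIO(data)):
            if op.name in ("GLOBAL", "INST"):        # protocol <= 3: "module name"
                module, name = arg.split(" ", 1)
            elif op.name == "STACK_GLOBAL":          # protocol 4+: two strings on stack
                module, name = strings[-2], strings[-1]
            else:
                if "STRING" in op.name or "UNICODE" in op.name:
                    strings.append(arg)              # remember candidates for STACK_GLOBAL
                continue
            if (module, name) in DANGEROUS_GLOBALS:
                findings.append((pos, f"{module}.{name}"))
    except (ValueError, IndexError) as exc:          # truncated, no STOP, unknown opcode
        broken = str(exc)
    verdict = "malicious" if findings else ("suspicious" if broken else "clean")
    return {"verdict": verdict, "findings": findings, "broken": broken}

# Constructed samples, not real model files:
BENIGN = pickle.dumps({"weights": [0.1, 0.2]})            # plain data, no GLOBAL at all
# GLOBAL os.system followed by a memo op, then an invalid byte and no STOP: "broken"
BROKEN_MALICIOUS = b"\x80\x02cos\nsystem\nq\x00\xff"
# Same import expressed with protocol-4 STACK_GLOBAL, properly terminated with STOP
STACK_MALICIOUS = b"\x80\x04\x8c\x02os\x8c\x06system\x93."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("broken", BROKEN_MALICIOUS),
                        ("stack_global", STACK_MALICIOUS)]:
        print(label, scan_pickle(blob))
```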

External references