Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

5 April 2024

Cybersecurity firm Wiz.io found that AI-as-a-service (aka AI Cloud) platforms like Hugging Face are vulnerable to critical risks, which allow threat actors to escalate privileges, gain cross-tenant access, and potentially take over continuous integration and continuous deployment (CI/CD) pipelines. Understanding The Problem AI models require a strong GPU, often outsourced to AI service providers similar to consuming cloud infrastructure from AWS/GCP/Azure. Hugging Face’s service is called Hugging Face Inference API.

Source: HackRead

Date:

5 April 2024

Categorie(s):

NEWS

Tag(s):

Hugging Face, IT, News, Wiz

Can I phone a friend? How cops circumvent face recognition bans20 May 2024
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel20 May 2024
Network Outages Hit 59% of Multi-Site Businesses Monthly20 May 2024
Does Apple want to lower genAI expectations for WWDC?20 May 2024
Highlights from RSA Conference: Secure by Design, AI Insights, and Global Collaboration20 May 2024