🔥 Land A High Paying Web3 Job In 90 Days LEARN MORE

Hugging Face Fixed Troubling Issues for Better Security

In this post:

  • Researchers found two major flaws in the Hugging Face platform.
  • These faults were facilitating hackers to run their vicious codes.
  • Hugging Face has announced that it has sorted out the flaws.

Hugging Face receives a huge number of AI models for testing and evaluation that are vulnerable to hackers. The artificial intelligence adaptation rate is the one that has never been seen before. This frenzy has helped in developing many beneficial tools, but at the same time, it has provided a faster and easier way to the hackers to implement their malicious strategies. Speaking of Hugging Face, as hackers had a way to retrieve user information by running their own codes. 

According to researchers at cloud security firm WIZ, there were two major flaws in the system architecture where ML (machine learning) models were executed. The flaws, namely shared inference infrastructure takeover risk and shared continuous integration and continuous deployment (CI/CD) takeover risk, left users at the mercy of black-hat jacks. In simpler words, these flaws provided a secret way for hackers to upload their codes, which gave them a way to temper the registries. 

Hugging Face’s and WIZ’s partnership to explore the shortcomings

Hackers could unauthorizedly access other users’ data by uploading their own malicious AI models. This was a big problem and could make a potential dent in Hugging Face’s reputation as these platforms are extensively used for storing and processing AI models as an AI as a service platform (AlaaS). WIZ partnered with AaaS companies to find security vulnerabilities in these platforms. In the case of Hugging Face, its immense popularity and adoption brought it on the radar of hackers. WIZ’s collaboration provided a good opportunity for Hugging Face to mediate the shortcomings in its system and strengthen the platform’s security measures.

See also  AMD's CEO Lisa Su marks 10 year anniversary with pledge to knock Nvidia off its perch

As we know, AI models require higher GPU power to run their functions, for which startups and other smaller vendors rely on AI service-provider companies. The interface API of Hugging Face also provides the very same service. In the process, WIZ Research ran its own vicious AI model with some nasty features that compromised the Hugging Face service. This made the system vulnerable, and WIZ could access other customer models who were utilizing the Hugging Face service. 

Solutions and remedies for protection on Alaas platforms

WIZ stated on its blog that these shortcoming and findings are not plaguing Hugging Face only, rather, they have broader implications for the entire AI as a service industry. All players in the industry are at the risk of magnitute, as hackers see them as a GitHub of AI models and seek to get cross-user access illegally. 

Hugging Face and Wiz jointly suggested some precautions to prevent security breaches, they advised stringent security controls and regular monitoring of activities. They also suggested using secure registries and providing a sandboxed environment for running user applications by making the places where they store their codes more fenced to prevent cross-user access.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.

See also  AI framework: China makes 6 bold moves for global leadership amid censorship concerns

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Cryptopolitan
Subscribe to CryptoPolitan