AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Share:

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week.

“We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory.

Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also functions as a discovery service to look up AI apps made by other users on the platform.

In response to the security event, Hugging Space said it is taking the step of revoking a number of HF tokens present in those secrets and that it’s notifying users who had their tokens revoked via email.

“We recommend you refresh any key or token and consider switching your HF tokens to fine-grained access tokens which are the new default,” it added.

Hugging Face, however, did not disclose how many users are impacted by the incident, which is currently under further investigation. It has also alerted law enforcement agencies and data protection authorities of the breach.

The development comes as the explosive growth of the AI sector has landed AI-as-a-service (AIaaS) providers like Hugging Face in attackers’ crosshairs, who could exploit them for malicious purposes.

In early April, cloud security firm Wiz detailed security issues in Hugging Face that could permit an adversary to gain cross-tenant access and poison AI/ML models by taking over the continuous integration and continuous deployment (CI/CD) pipelines.

Previous research undertaken by HiddenLayer also unearthed flaws in the Hugging Face Safetensors conversion service that made it possible to hijack the AI models submitted by users and stage supply chain attacks.

“If a malicious actor were to compromise Hugging Face’s platform, they could potentially gain access to private AI models, datasets, and critical applications, leading to widespread damage and potential supply chain risk,” Wiz researchers noted in April.

Ravie Lakshmanan

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
12:28 am, Feb 12, 2025
weather icon 4°C
L: 3° | H: 5°
overcast clouds
Humidity: 91 %
Pressure: 1019 mb
Wind: 5 mph NNW
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 100%
Rain Chance: 0%
Visibility: 6 km
Sunrise: 7:20 am
Sunset: 5:09 pm
DailyHourly
Daily ForecastHourly Forecast
Today 9:00 pm
weather icon
3° | 5°°C 0 mm 0% 5 mph 89 % 1021 mb 0 mm/h
Tomorrow 9:00 pm
weather icon
3° | 6°°C 0 mm 0% 9 mph 87 % 1025 mb 0 mm/h
Fri Feb 14 9:00 pm
weather icon
1° | 6°°C 0 mm 0% 8 mph 81 % 1026 mb 0 mm/h
Sat Feb 15 9:00 pm
weather icon
1° | 6°°C 0 mm 0% 8 mph 85 % 1024 mb 0 mm/h
Sun Feb 16 9:00 pm
weather icon
4° | 8°°C 1 mm 100% 6 mph 95 % 1019 mb 0 mm/h
Today 3:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 89 % 1019 mb 0 mm/h
Today 6:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 79 % 1018 mb 0 mm/h
Today 9:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 76 % 1019 mb 0 mm/h
Today 12:00 pm
weather icon
5° | 5°°C 0 mm 0% 3 mph 68 % 1019 mb 0 mm/h
Today 3:00 pm
weather icon
6° | 6°°C 0 mm 0% 3 mph 71 % 1019 mb 0 mm/h
Today 6:00 pm
weather icon
5° | 5°°C 0 mm 0% 5 mph 76 % 1020 mb 0 mm/h
Today 9:00 pm
weather icon
5° | 5°°C 0 mm 0% 5 mph 78 % 1021 mb 0 mm/h
Tomorrow 12:00 am
weather icon
3° | 3°°C 0 mm 0% 4 mph 87 % 1022 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€92,455.11
-1.93%
Ethereum(ETH)
€2,514.63
-2.42%
Tether(USDT)
€0.96
-0.03%
XRP(XRP)
€2.33
-0.76%
Solana(SOL)
€190.84
-1.51%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.244036
-1.34%
Shiba Inu(SHIB)
€0.000015
-0.97%
Pepe(PEPE)
€0.000010
-0.13%
Scroll to Top