Artificial Intelligence company Hugging Face Reports Data Breach on Spaces Platform, Investigates Unauthorized Access – World News Estate

Artificial intelligence (AI) company Hugging Face disclosed on Friday that it had detected unauthorized access to its Spaces platform earlier in the week.

“We suspect that a subset of Spaces’ secrets may have been accessed without authorization,” the company stated in an advisory.

Spaces is a platform that allows users to create, host, and share AI and machine learning (ML) applications. It also serves as a discovery service for users to find AI apps created by others on the platform.

In response to the security breach, Hugging Face announced that it is revoking several HF tokens found in the compromised secrets and notifying affected users via email.

“We recommend refreshing any key or token and switching to fine-grained access tokens, which are now the default,” the advisory added.

Hugging Face did not specify how many users were affected by the breach, which is still under investigation. The company has also informed law enforcement agencies and data protection authorities about the incident.

This breach comes amidst the rapid growth of the AI sector, making AI-as-a-service (AIaaS) providers like Hugging Face prime targets for attackers who could exploit them for malicious purposes.

In early April, cloud security firm Wiz highlighted security vulnerabilities in Hugging Face that could allow adversaries to gain cross-tenant access and compromise AI/ML models by taking over the continuous integration and continuous deployment (CI/CD) pipelines.

Previous research by HiddenLayer revealed flaws in the Hugging Face Safetensors conversion service, which could enable attackers to hijack submitted AI models and execute supply chain attacks.

“If a malicious actor were to compromise Hugging Face’s platform, they could potentially access private AI models, datasets, and critical applications, leading to widespread damage and supply chain risks,” Wiz researchers noted in April.
