Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Malicious Code Found in Hugging Face Machine Learning Models

🧩 Malicious Pickle Files Slip Past Hugging Face's Model Scanning. Research by ReversingLabs found two machine-learning models hosted on Hugging Face whose weight files, serialized with Python's Pickle format, carried malicious code. Pickle is a risky model format because unpickling is not plain data loading: the stream can name any importable callable, and the deserializer calls it with attacker-chosen arguments while the file is being read, so merely loading the model runs the payload. Hugging Face scans uploaded Pickle files with the Picklescan tool, yet both models evaded it because their Pickle streams were deliberately "broken": the malicious call sits early in the stream and the stream is corrupted after it. Python's unpickler executes opcodes one at a time, so the payload runs before the corruption is reached and an error is raised, while Picklescan treated the malformed file as unscannable and raised no finding. Hugging Face removed the models and updated its scanning tooling after being notified. The practical lesson is to treat a Pickle-based model file as executable code: load it only from publishers you trust, prefer formats that cannot carry code (such as safetensors), and make sure a scanner's failure to parse a file is reported as a finding rather than passed as clean.
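The mechanism described above, as an added example that is neither ReversingLabs' nor Hugging Face's code: it hand-assembles a Pickle stream whose REDUCE opcode calls a function during loading, shows that a stream corrupted after that call still executes it before `pickle.loads` raises, and contrasts a scanner that gives up on a malformed file (returning no findings) with one that keeps what it saw up to the break. The callable `builtins.open` creating a marker file in a temporary directory is a benign stand-in for the command-execution calls real payloads use; the `SUSPICIOUS` list, the two scanner functions and the junk bytes are constructed for the demo and are not Picklescan's logic.

```python
"""Why a 'broken' Pickle still runs its payload, and why a scanner that aborts on
malformed input misses it. Added demo: builtins.open stands in for os.system."""
import os
import pickle
import pickletools
import tempfile

# Constructed list of callables a scanner would flag; real scanners keep a longer one.
SUSPICIOUS = {"builtins.open", "builtins.eval", "builtins.exec",
              "os.system", "subprocess.Popen", "subprocess.check_output"}

_TUPLE_OPCODE = {0: pickle.EMPTY_TUPLE, 1: pickle.TUPLE1,
                 2: pickle.TUPLE2, 3: pickle.TUPLE3}


def build_stream(module, name, args, broken):
    """Hand-assemble a protocol-2 pickle that calls module.name(*args) via REDUCE.

    The unpickler resolves GLOBAL by importing `module` and fetching `name`; REDUCE then
    calls it with the argument tuple on the stack while the file is being read. With
    broken=True the terminating STOP opcode is replaced by junk bytes, so the stream is
    malformed, but only after the call has already been issued.
    """
    stream = pickle.PROTO + b"\x02"
    stream += pickle.GLOBAL + f"{module}\n{name}\n".encode("ascii")
    for arg in args:
        data = arg.encode("utf-8")
        stream += pickle.BINUNICODE + len(data).to_bytes(4, "little") + data
    stream += _TUPLE_OPCODE[len(args)]  # demo keeps to 0..3 arguments
    stream += pickle.REDUCE
    return stream + (b"\x00\x00junk" if broken else pickle.STOP)


def _global_name(arg):
    # pickletools reports GLOBAL's two newline-terminated names as "module name"
    return arg.replace(" ", ".", 1)


def scan_fail_open(stream):
    """Whole-stream scan; any parse error is treated as 'nothing found'.

    This is the failure mode the text describes: a malformed file is unscannable,
    the scanner returns no findings, and a pipeline that gates on findings lets it in.
    """
    try:
        seen = [_global_name(arg) for op, arg, _ in pickletools.genops(stream)
                if op.name == "GLOBAL"]
    except Exception:
        return []
    return [g for g in seen if g in SUSPICIOUS]


def scan_fail_closed(stream):
    """Incremental scan: keep every GLOBAL reached before the break and report the
    break itself, because the unpickler executes everything up to that point."""
    findings = []
    try:
        for op, arg, _pos in pickletools.genops(stream):
            if op.name == "GLOBAL" and _global_name(arg) in SUSPICIOUS:
                findings.append(_global_name(arg))
    except ValueError as exc:  # genops raises ValueError on unknown opcodes / truncation
        findings.append(f"malformed stream: {exc}")
    return findings


def load_and_observe(stream, marker):
    """Unpickle and report whether the side effect happened and what loads() raised."""
    if os.path.exists(marker):
        os.remove(marker)
    error = None
    try:
        result = pickle.loads(stream)
        if hasattr(result, "close"):
            result.close()  # the file handle that builtins.open returned
    except Exception as exc:
        error = type(exc).__name__
    return {"side_effect": os.path.exists(marker), "error": error}


def demo():
    """Build an intact and a broken payload stream, then scan and load both."""
    marker = os.path.join(tempfile.mkdtemp(), "pickle-ran.txt")
    out = {}
    for label, broken in (("intact", False), ("broken", True)):
        stream = build_stream("builtins", "open", (marker, "w"), broken)
        out[label] = {
            "fail_open": scan_fail_open(stream),
            "fail_closed": scan_fail_closed(stream),
            "loaded": load_and_observe(stream, marker),
        }
    return out


if __name__ == "__main__":
    for label, res in demo().items():
        print(label, res)
```

Running `demo()` shows the asymmetry: for the broken stream `pickle.loads` raises `UnpicklingError`, but the marker file already exists, while `scan_fail_open` returns no findings for that same stream and `scan_fail_closed` reports both the suspicious callable and the malformed tail.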