Malicious Machine Learning Models Discovered on Hugging Face: Report

Malicious Machine Learning Models Discovered on Hugging Face: Report

Hugging face, the artificial intelligence (ai) and machine learning (ml) hub, is said to control Malicious Ml Models. A cybersecurity research firm discovered two such models that contain code that can be used to package and distribute malware to that who download these files.

As per the results, threat actors are using a hard-to-detect method, dubbed pickle file serialization, to insert malicious software. The Resarchers Claimed to have reported the Malicious Ml Models, and Hugging Face has Removed Them From The Platform.ReSeARCERS Discover Malicious ML MODELS in Hugging Factsinglabs, A , Discovered the Malicious Ml Models and Detailed the new exploit being used by Threat actors on hugging face. Notably, A Large Number of Developers and Companies Host Open-Source Ai Models on the Platform That Can Be Downloaded and Used By Oshes.The Firm Discovered that the modest Ialization. For the unaware, ml models are stored in a variety of data serialization formats, which can be shared and reused. Pickle is a python module that is used for serialising and deserialising ml model data. It is General Considered an Unsafe data format as python code can be executed during the deserialization process.in closed platforms, pickle files have access to limited data data sourted sourtes. However, Since Hugging Face is an open-source platform, these files are used broadly allowance attackers to abuse the system to hide malware payloads.during the inventory Contained malicious code. However, these ml models were said to escape the platform’s security measures and was not flagged as unsafe. The researchrs named the Technique of Inserting Compressed pickle file. The Researchers found that the models were compressed using the 7z format which prevended them from from being loaded using pytorch’S “Torch.load ()” function. This compression also prevested hugging face’s picklescan tool from detecting End up installing the malware on their devices. The cybersecurity firm reported the feel to the hugging face security team on January 20 and claimed that the models was removed in less than 24 hours. Additional, the platform is said to have made changes to the picklescan tool to better identify such thoughts in “Broken ‘pickle files. (Tagstotranslate) Hugging face Malicious Machine Learning Ml Model Discovered Cybersecurity Report Hugging Face (T) Ai (T) Ai (T) Artificial Intelligence (T) Ml (T) Ml (T) Malware (T) Malware

Credit-Read More

// Function to fetch the latest posts
function fetchLatestPosts() {
const feedUrl = ‘https://newskiosk.pro/feed/’; // Replace with your blog’s RSS feed URL
fetch(feedUrl)
.then(response => response.text())
.then(str => new window.DOMParser().parseFromString(str, “text/xml”))
.then(data => {
const items = Array.from(data.querySelectorAll(“item”));
const latestPostsContainer = document.getElementById(“latest-posts”);
latestPostsContainer.innerHTML = ”; // Clear previous posts

// Shuffle the items array
const shuffledItems = items.sort(() => Math.random() – 0.5);

// Select the first 5 items from the shuffled array
const selectedItems = shuffledItems.slice(0, 5);

// Loop through the selected items and display them
selectedItems.forEach(post => {
const link = post.querySelector(“link”).textContent;
const description = post.querySelector(“description”).textContent;

// Create a new post element
const postElement = document.createElement(“div”);
postElement.classList.add(“latest-post”);
postElement.innerHTML = `

${description} Read more

`;

// Append the new post element to the container
latestPostsContainer.appendChild(postElement);
});
})
.catch(error => console.error(‘Error fetching the latest posts:’, error));
}

// Call the function to fetch and display the latest posts
fetchLatestPosts();