hugging-face
Safeguard articles tagged "hugging-face" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Hugging Face Token Exposure 2024 Analysis
Researchers found thousands of valid Hugging Face API tokens in public code and models. Analysis of the 2024 exposures and what they mean for ML supply chain.
Detecting Model Supply Chain Poisoning in 2026
Poisoning attacks against the model supply chain have moved from research to incident reports. What detection looks like when the attack surface includes weights.
Hugging Face Pickle Backdoor Research 2025
Pickle-serialized model files remain a live attack surface on Hugging Face. Here is what 2025 research disclosed about persistent backdoors and what defenders should do about it.
nullifAI: Broken Pickles and the Hugging Face Detection Gap
ReversingLabs disclosed two malicious Hugging Face models that evaded Picklescan by using broken 7z-packed PyTorch archives. We unpack the technique.
AI Model Supply Chain Risks: Hugging Face and the New Attack Surface
As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.