huggingface
Safeguard articles tagged "huggingface" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Securing Hugging Face Models: A Practical Safety Guide
Hugging Face is the npm of machine learning, and it inherits npm's problems. Malicious weights, pickle payloads, and leaked Space secrets are all live risks — here is how to pull models safely.
Hugging Face as Malware CDN and Exfiltration Backend: The DPRK-Linked npm Campaign of May 2026
OX Security disclosed a DPRK-aligned campaign that abused Hugging Face as a malware host and data-exfiltration backend, using public repos to serve second-stage payloads and private datasets to receive stolen developer secrets.
The Fake OpenAI 'privacy-filter' Model: How a Typosquat Hit #1 on Hugging Face in May 2026
A repository named Open-OSS/privacy-filter impersonated OpenAI's release, copied its model card verbatim, and shipped a loader.py that pulled an infostealer. It reached #1 trending with ~244,000 downloads before removal.
Hugging Face Model Hub Supply Chain Risks in 2025
Pickle deserialization, malicious Spaces, and namespace squatting: what 2024-2025 taught us about the Hugging Face model supply chain.
Hugging Face's Guardian-Plus-Picklescan Stack: How the Model Hub Scanning Posture Evolved Through 2025-2026
Following NullifAI and the broken-pickle bypass campaigns, Hugging Face layered Protect AI's Guardian on top of Picklescan, ClamAV, and secrets scanning across 1.5 million public models. Here is the defender view of the new pipeline.