Hugging Face Discovers ‘Unauthorized Access’ to Its AI Model Hosting Platform

On Friday afternoon, typically a time for less-than-favorable announcements, AI startup Hugging Face revealed that its security team detected "unauthorized access" to Spaces, the platform dedicated to creating, sharing, and hosting AI models and resources.

In a detailed blog post, Hugging Face explained that the breach involved Spaces secrets, the private values that serve as keys for reaching protected resources like accounts, tools, and development environments. The company has "suspicions" that some of these secrets may have been accessed by an unauthorized third party. As a precaution, Hugging Face has revoked several tokens linked to these secrets; tokens are the credentials that authenticate a user to the platform. Users whose tokens were revoked have already been notified by email, and the company recommends that all users "refresh any key or token" and consider switching to fine-grained access tokens, which offer enhanced security.

The exact number of affected users or applications remains unclear.

In the blog post, Hugging Face stated, “We are collaborating with external cybersecurity forensic specialists to investigate this issue and assess our security policies and procedures. We have also reported the incident to law enforcement agencies and data protection authorities. We sincerely regret any disruption this incident may have caused and understand the inconvenience it might create. We commit to using this incident as an opportunity to bolster the security of our entire infrastructure.”

A spokesperson for Hugging Face noted: “We have observed a significant rise in cyberattacks over the past few months, likely correlated with our increasing usage and the mainstream adoption of AI. It is technically challenging to ascertain how many Spaces secrets have been compromised.”

This potential breach of Spaces occurs amid growing scrutiny of Hugging Face's security practices. The company, a leading platform for collaborative AI and data science projects, hosts over one million models, datasets, and AI-powered applications. Previously, in April, cloud security firm Wiz identified and subsequently patched a vulnerability that permitted attackers to execute arbitrary code during a Hugging Face-hosted app's build time, allowing them to inspect network connections from their machines. Earlier, security firm JFrog uncovered evidence that code uploaded to Hugging Face could secretly install backdoors and malware on end-user devices. Furthermore, security startup HiddenLayer flagged potential misuse of Hugging Face's supposedly secure serialization format, Safetensors, to create sabotaged AI models.

In response to these challenges, Hugging Face recently announced plans to collaborate with Wiz, utilizing their vulnerability scanning and cloud environment configuration tools to enhance security across its platform and the broader AI/ML ecosystem.
