Artificial intelligence company Hugging Face revealed last week that sensitive information on its Spaces platform may have been accessed without proper authorization.
The Hugging Face Spaces platform enables users and organizations to host interactive demos of machine learning (ML) applications.
Hugging Face said in a post on Friday that it detected the possible intrusion early last week and discovered that “some of our space's secrets” may have been leaked to unauthorized third parties.
The leaked secrets included Hugging Face tokens, which the company revoked after discovering suspicious activity. The company said affected users received an email ahead of Friday's disclosure.
The disclosure notice also mentions several security changes made to the Spaces platform in response to the breach, including the removal of organizational tokens to improve traceability and auditability, and the implementation of a Key Management Service (KMS) for Spaces secrets.
Hugging Face said it plans to phase out traditional read and write tokens “in the near future” and replace them with fine-grained access tokens, which are currently the default.
Spaces users are encouraged to switch to fine-grained access tokens if they aren't already using them, and to update any keys or tokens that may have been exposed.
The company has engaged a third-party cybersecurity forensic expert to assist in investigating the incident and reviewing its security measures, and the incident has also been reported to law enforcement and data protection authorities.
No details about the alleged unauthorized access were released, and Hugging Face did not immediately respond to SC Media inquiries about the number of users affected or the origins of the intrusion.
AI secrets at risk
Multiple cyber attacks, data leaks, and vulnerabilities revealed in the past six months have put sensitive AI data at risk of theft and misuse.
In December, Lasso Security found that over 1,600 Hugging Face API tokens had been exposed on the platform and on GitHub, putting organizations like Microsoft and Google at risk of hacking and data theft.
Research published by Wiz in April also showed that malicious AI models could be used in cross-tenant attacks to compromise other models and projects. Wiz partnered with Hugging Face to mitigate the vulnerabilities.
In March, researchers at Oligo reported that a critical vulnerability in the open source AI framework Ray, discovered late last year, was being used to compromise AI workloads. In May, a critical RCE vulnerability in the open source llama-cpp-python package was found to affect more than 6,000 AI models that depended on the package.
Hugging Face offers several security measures for the AI models and projects hosted on the site, including malware scanning and scanning for unsecured secrets in app files.
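As an added example (not Hugging Face's own scanner), here is the kind of defender-side check the secret scanning above performs: it walks constructed Spaces app files, flags tokens that are hardcoded in source or config, and leaves alone code that reads the token from the environment the way a Spaces secret is injected. The `hf_` token prefix, the minimum length and the sample files are assumptions made for this demo.

```python
import re
from typing import Dict, List, Tuple

# Assumption for this demo: Hugging Face user access tokens start with "hf_"
# followed by a run of alphanumerics. Real scanners also use entropy checks.
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{20,}\b")


def redact(token: str) -> str:
    """Keep only a prefix and suffix so findings can be reported safely."""
    return token[:6] + "..." + token[-4:]


def scan_source(name: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (file, line number, redacted token) for each hardcoded token.

    A line such as os.environ["HF_TOKEN"] contains no literal token and is
    therefore never flagged; that is the pattern Spaces secrets rely on.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HF_TOKEN_RE.finditer(line):
            findings.append((name, lineno, redact(match.group(0))))
    return findings


def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Scan every (filename -> contents) pair and collect the findings."""
    results = []
    for name, text in files.items():
        results.extend(scan_source(name, text))
    return results


# Constructed sample app files; the tokens below are made up for this demo.
SAMPLE_FILES = {
    "app.py": (
        "import os\n"
        "from huggingface_hub import InferenceClient\n"
        "client = InferenceClient(token=os.environ['HF_TOKEN'])\n"
    ),
    "legacy_app.py": (
        "from huggingface_hub import InferenceClient\n"
        "client = InferenceClient(token='hf_ExampleConstructedToken0123456789')\n"
    ),
    "config.yaml": "token: hf_AnotherConstructedExampleToken987654\n",
}

if __name__ == "__main__":
    for path, lineno, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: hardcoded token {shown}; move it to a Spaces secret")
```

Any token this check reports should be treated as exposed and rotated, not merely moved, since it already sits in the file history.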
Meanwhile, regulators are working to address new security risks arising from the AI boom. For example, CISA's updated AI guidelines, published in late April, provide guidance on using AI to defend critical infrastructure systems, developing secure AI systems, and preparing for AI-enabled attacks.
