We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Hugging Face Reports Unauthorized Access to AI Platform

Hugging Face Reports Unauthorized Access to AI Platform
Author Image Keira Waddell
Keira Waddell Published on 4th June 2024 Former Senior Writer

AI tool development company Hugging Face has reported unauthorized access to its Spaces platform. This breach, detected earlier this week, has raised concerns about the security of AI and machine learning applications hosted on the platform. Hugging Face Spaces is widely used for creating, sharing, and discovering AI apps.

Hugging Face disclosed that the breach might have exposed some of the platform's secrets, which are essential pieces of information used to access protected resources. In response to the incident, the company swiftly revoked tokens associated with the compromised secrets and notified affected users via email. The company recommended that all users refresh their keys or tokens and switch to fine-grained access tokens for enhanced security.

"Earlier this week our team detected unauthorized access to our Spaces platform, specifically related to Spaces secrets," Hugging Face stated in a blog post. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization." The company has enlisted external cybersecurity experts to investigate the breach and has reported the incident to law enforcement and data protection authorities.

Hugging Face has since implemented several significant improvements to its infrastructure. These measures include removing organization tokens to increase traceability and audit capabilities, implementing a key management service for Spaces secrets, and enhancing the system's ability to identify and invalidate leaked tokens proactively.

The company also plans to phase out "classic" read and write tokens in favor of fine-grained access tokens, which offer tighter control over access to AI models.

This breach is the latest in a series of security challenges faced by Hugging Face. In April, cloud security firm Wiz discovered a vulnerability that could allow attackers to execute arbitrary code and gain cross-tenant access to other customers' models. Earlier in the year, security firm JFrog found evidence of malicious code uploaded to Hugging Face, which could install backdoors and other malware on user machines.

Additionally, HiddenLayer identified potential abuses of Hugging Face’s Safetensors serialization format, which could sabotage AI models.

As the AI sector continues its rapid growth, AI-as-a-service (AIaaS) providers like Hugging Face increasingly find themselves in the crosshairs of cyber attackers. The company has committed to using this incident as an opportunity to strengthen its security measures and protect its growing user base from future threats.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address