Dark Reading

'Sleepy Pickle' Exploit Subtly Poisons ML Models

Researchers have concocted a new way of manipulating machine learning (ML) models by injecting malicious code into the process of serialization. The method focuses on the "pickling" process used to ...
Infosecurity-magazine.com

Malicious AI Models on Hugging Face Exploit Novel Attack Technique

Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain ...
Dark Reading

Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities

Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites' security checks ...
heise online

Hugging Face: Malicious ML models uncovered on development platform

IT researchers have discovered malicious ML models on the Hugging Face AI development platform. Attackers could use them to infiltrate commands. IT researchers have discovered maliciously manipulated ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.