Writing secure code is hard. When you learn a language, a module or a framework, you learn how it is supposed to be used. When thinking about security, you need to think about how it can be misused.
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...
Memory files can help artificial intelligence (AI) perform better, but researchers have found they are also a persistent trouble spot. AI memory files and context data help personalize requests and ...
Additionally, it includes a heavily customized fork of msgpack-numpy, with corrected round-trip behaviour for np.float64 objects. This will automatically install/upgrade all dependencies. numpy and ...
dill extends Python's pickle module for serializing and de-serializing Python objects to the majority of the built-in Python types. Serialization is the process of converting an object to a byte ...
Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes ...
Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites' security checks ...
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files ...
The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain ...