Oct. 24, 2023, 2:45 p.m. | Nadav Noy

Legit Security Blog www.legitsecurity.com


Our research revealed how attackers could leverage Hugging Face, the popular AI development and collaboration platform, to carry out an AI supply chain attack that could impact tens of thousands of developers and researchers. The attack, dubbed "AIJacking", is a variant of the infamous RepoJacking attack. The attack could lead to remote code execution and hijacking heavily used models and datasets from Hugging Face with over 100,000 downloads. The research techniques we employed, presented in this article, …
