Malicious ML Models Discovered on Hugging Face
Cybersecurity researchers have identified two malicious machine learning (ML) models hosted on Hugging Face, utilizing a unique method involving “broken” pickle files to evade detection. This discovery raises significant concerns regarding the security of machine learning models and the platforms that host them.
Details of the Discovery
According to a report by ReversingLabs researcher Karlo Zanki, the pickle files extracted from the PyTorch archives contained malicious Python content embedded at the beginning of the file. This technique allowed the models to bypass standard detection mechanisms.
Key Points
- Two malicious ML models were found on Hugging Face.
- The models used flawed pickle files to conceal their harmful content.
- Malicious code was located at the start of the pickle files, facilitating evasion of detection.
- This incident highlights vulnerabilities in the security of machine learning frameworks and repositories.
Conclusion
The discovery of these malicious models underscores the importance of vigilance in the cybersecurity landscape, particularly concerning the integrity of machine learning resources. Users and developers must remain cautious and implement robust security measures to protect against such threats.




