Skip to main content
CybersecurityVulnerability Management

Exploiting Vulnerabilities: Malicious ML Models on Hugging Face Use Flawed Pickle Format to Bypass Detection

Exploiting Vulnerabilities: Malicious ML Models on Hugging Face Use Flawed Pickle Format to Bypass Detection

Malicious ML Models Discovered on Hugging Face

Cybersecurity researchers have identified two malicious machine learning (ML) models hosted on Hugging Face, utilizing a unique method involving “broken” pickle files to evade detection. This discovery raises significant concerns regarding the security of machine learning models and the platforms that host them.

Details of the Discovery

According to a report by ReversingLabs researcher Karlo Zanki, the pickle files extracted from the PyTorch archives contained malicious Python content embedded at the beginning of the file. This technique allowed the models to bypass standard detection mechanisms.

Key Points

  • Two malicious ML models were found on Hugging Face.
  • The models used flawed pickle files to conceal their harmful content.
  • Malicious code was located at the start of the pickle files, facilitating evasion of detection.
  • This incident highlights vulnerabilities in the security of machine learning frameworks and repositories.

Conclusion

The discovery of these malicious models underscores the importance of vigilance in the cybersecurity landscape, particularly concerning the integrity of machine learning resources. Users and developers must remain cautious and implement robust security measures to protect against such threats.