Hugging Face disclosed this week that it detected and contained a production infrastructure intrusion, driven end-to-end by an autonomous AI agent system, and defended against it using its own AI-based forensic analysis. The attackers exploited two code-execution flaws in Hugging Face’s dataset processing pipeline: a remote-code dataset loader and a template-injection vulnerability in dataset configuration. Once inside a processing worker, the actor escalated to node-level access, harvested cloud and cluster credentials, and moved laterally across several internal clusters over a single weekend. Unauthorized access affected a limited set of internal datasets and service credentials, though Hugging Face found no evidence that...
Read the full article at the source.
Comments (0)
No comments yet. Be the first to comment!