Hugging Face disclosed this week that it detected and contained a production infrastructure intrusion, driven end-to-end by an autonomous AI agent system, and defended against it using its own AI-based forensic analysis. The attackers exploited two code-execution flaws in Hugging Face’s dataset processing pipeline: a remote-code dataset loader and a template-injection vulnerability in dataset configuration. Once inside a processing worker, the actor escalated to node-level access, harvested cloud and cluster credentials, and moved laterally across several internal clusters over a single weekend. Unauthorized access affected a limited set of internal datasets and service credentials, though Hugging Face found no evidence that...
Läs hela artikeln hos källan.
Kommentarer (0)
Inga kommentarer ännu. Bli först med att kommentera!