Hugging-Face

3 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

ATLAS OWASP CRITICAL The Hacker News May 11, 2026 ▲ 8.5

Typosquatted OpenAI Repo on Hugging Face Delivered Rust Infostealer to 244K Users

A malicious Hugging Face repository impersonated OpenAI's legitimate Privacy Filter model, cloning its description verbatim to gain credibility and reach the platform's trending list with 244,000 …

AML.T0010 - ML Supply Chain Compromise AML.T0019 - Publish Poisoned Datasets AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP HIGH BleepingComputer May 10, 2026 ▲ 8.2

Fake OpenAI Repository on Hugging Face Delivers Rust-Based Infostealer

A malicious Hugging Face repository impersonating OpenAI's 'Privacy Filter' project reached #1 on the platform's trending list and accumulated 244,000 downloads before removal, delivering a …

AML.T0010 - ML Supply Chain Compromise AML.T0019 - Publish Poisoned Datasets AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP MEDIUM Hugging Face Blog Apr 27, 2026 ▲ 6.2

Hugging Face 'Spaces' now acts as an MCP-App-Store. Anybody thinking on the security consequence?

Hugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. …

AML.T0051 - LLM Prompt Injection AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service