# huggingface
12 articles tagged with “huggingface”
- **smolagents Security Analysis**: Security analysis of Hugging Face smolagents including code execution risks and tool trust boundaries.
- **Hugging Face Inference Endpoints Security**: Security analysis of Hugging Face Inference Endpoints including model isolation and API security.
- **Model Supply Chain Risks**: Attack vectors in the AI model supply chain, including malicious model files, pickle exploits, compromised model registries, and dependency vulnerabilities.
- **AI Supply Chain Exploitation**: Methodology for exploiting the AI/ML supply chain: model serialization RCE, dependency confusion, dataset poisoning, CI/CD injection, and container escape.
- **AI Supply Chain Deep Dive**: Deep analysis of AI supply chain security threats including sleeper agents, slopsquatting, malicious model uploads, pickle deserialization exploits, and model provenance verification challenges.
- **Hugging Face Hub Security**: Attack surface analysis of Hugging Face Hub: malicious model uploads, pickle deserialization exploits, model card manipulation, trust signal limitations, gated model bypass, and community-driven trust exploitation.
- **Model Hub Supply Chain Attack**: Attacking the ML model supply chain through hub repositories like Hugging Face, including typosquatting, model poisoning, and repository manipulation techniques.
- **Hugging Face Security Audit Walkthrough**: Step-by-step walkthrough for auditing Hugging Face models: scanning for malicious model files, verifying model provenance, assessing model card completeness, and testing Spaces and Inference API security.
- **HuggingFace Spaces Security Testing**: End-to-end walkthrough for security testing HuggingFace Spaces applications: Space enumeration, Gradio/Streamlit exploitation, API endpoint testing, secret management review, and model access control assessment.
- **Hugging Face Hub Red Team Walkthrough**: Walkthrough for assessing AI models on Hugging Face Hub: model security assessment, scanning for malicious models, Transformers library testing, and Spaces application evaluation.
- **Cloud AI Platform Walkthroughs**: Hands-on walkthroughs for red teaming AI systems deployed on major cloud platforms: AWS Bedrock, Azure OpenAI, Google Vertex AI, and Hugging Face Hub.
- **Testing Hugging Face Hosted Models**: Red team testing guide for models hosted on Hugging Face including Inference API and Spaces.