Hugging Face reports the detection of ‘unauthorized access’ to its AI model hosting platform

Hugging Face, an AI startup, disclosed on a late Friday afternoon that its security team had detected unauthorized access to Spaces, the platform for creating, sharing, and hosting AI models and resources. The intrusion involved accessing Spaces secrets, which are private pieces of information used as keys to unlock protected resources. Hugging Face suspects that some secrets may have been accessed by a third party without authorization.

As a precautionary measure, Hugging Face has revoked a number of tokens associated with these secrets. Users affected by the token revocation have been notified via email. The company recommends that all users refresh their keys or tokens and consider switching to fine-grained access tokens for enhanced security.

The exact extent of the breach and the number of affected users or apps were not immediately clear. Hugging Face is collaborating with external cybersecurity forensic specialists to investigate the incident thoroughly. Additionally, the company has reported the incident to law enforcement agencies and data protection authorities.

In response to the incident, Hugging Face expressed regret for any disruption caused and pledged to use the experience to strengthen the security of its entire infrastructure. The company attributed the increase in cyberattacks to its growing usage and the mainstream adoption of AI technology.