Arbitrary Code Execution via PyTorch Pickle Serialization
Technical analysis of Python's Pickle Virtual Machine vulnerabilities in ML models, __reduce__ method exploitation, and transitioning to Safetensors.
A deep technical analysis of how attackers exploit Git LFS pointers to substitute legitimate ML models with malicious binaries, and how to cryptographically verify artifact integrity.
Architectural risks of compromising Hugging Face 'Write' tokens. How token leakage leads to the deployment of backdoors (Pickle RCE) within ML artifacts.
A deep architectural analysis of the PyTorch .pt Zip archive format, the myth of safe state_dict loading, and the limitations of weights_only=True.
Technical analysis of Pickle Virtual Machine vulnerabilities, Git LFS pointer manipulation, and enforcing cryptographic integrity for downloaded ML models.
A deep technical analysis of the dual-track AI supply chain: mitigating index resolution vulnerabilities in Python dependencies and identifying mathematical backdoors in ML artifacts.