AI Vulnerabilities Exposed: Hugging Face API Tokens Compromise Meta's Llama 2

December 4, 2023 at 02:00 PM

•

1 min read

AI Vulnerabilities Exposed: Hugging Face API Tokens Compromise Meta's Llama 2 — Photo: The Register

TL;DR Summary

Researchers at Lasso Security discovered over 1,500 exposed API tokens on the Hugging Face platform, including tokens from tech giants Meta, Microsoft, Google, VMware, and more. These exposed tokens granted write permissions, allowing potential attackers to modify files in account repositories. The researchers were able to gain access to 723 organizations' accounts, including those of Meta, EleutherAI, and BigScience Workshop. If exploited, these tokens could have led to data theft, poisoning of training data, and stealing of models, impacting over 1 million users. The exposed tokens have since been revoked and the vulnerabilities closed.

Topics:technology #ai-security-risks #api-tokens #cybersecurity #data-poisoning #hugging-face #supply-chain-attacks

Share this article

Exposed Hugging Face API tokens offered full access to Meta's Llama 2 The Register
Hugging Face dodged a cyber-bullet with Lasso Security's help VentureBeat
AI Vulnerabilities Exposed: Adversarial Attacks More Common and Dangerous Than Expected Neuroscience News
Meta AI Models Cracked Open With Exposed API Tokens - Meta AI Models Cracked Open With Exposed API Tokens DARKReading
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

5 min

vs 6 min read

Condensed

91%

1,002 → 94 words

Want the full story? Read the original article

Read on The Register

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights