techtimes

Open Source Robotics AI Reaches Inflection Point: LeRobot Hub Surpasses 58,000 Datasets in One Year

Hugging Face's LeRobot platform — a free, open-source framework for training AI models on physical robots — now hosts more than 58,000 community-contributed datasets, up from 1,145 at the end of 2024, ...
GitHub

Security scanner detecting Python Pickle files performing suspicious actions.

https://huggingface.co/ykilcher/totally-harmless-model/resolve/main/pytorch_model.bin:archive/data.pkl: global import '__builtin__ eval' FOUND ----- SCAN SUMMARY ...
theregister

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes ...
The Hacker News

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, ...
Nature

A Multimodal Dataset Addressing Motor Function in Autism

Although autism is primarily recognized as a condition characterized by social and emotional difficulties, substantial research highlights significant difficulties in action perception and motor ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
Hosted on MSN

Coastal Carpet Python Bites Snake Catcher's Nose During Removal From Shed

A snake catcher was bitten by a coastal carpet python on the face while removing it from a shed in Dundowran Beach, Queensland, on Sunday, April 13. Drew Godfrey, of Hervey Bay Snake Catchers, was ...
Dark Reading

Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities

Attackers are finding more and more ways to post malicious projects to Hugging Face and other repositories for open source artificial intelligence (AI) models, while dodging the sites' security checks ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
Infosecurity-magazine.com

Malicious AI Models on Hugging Face Exploit Novel Attack Technique

Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain ...
LinkedIn

Python Deserialization Attack: How to Build a Pickle Bomb

Important: All the scripts provided are intended for cybersecurity research and training purposes only. Do not use them to attack real-world systems. Deserialization is the process of converting data ...