A major collaboration between Hugging Face and VirusTotal aims to strengthen AI security by integrating threat-intelligence capabilities into the Hugging Face platform.
What Happened
The partnership brings together two industry giants in the field of artificial intelligence (AI) and cybersecurity. Hugging Face, a leading open platform for machine learning models and datasets, has teamed up with VirusTotal, a renowned threat-intelligence and malware analysis powerhouse. The collaboration will provide unparalleled visibility into machine learning security, empowering users to make informed decisions about file integrity.
According to the sources, the integration of VirusTotal checks into Hugging Face's platform will enable automatic file hash comparison against VirusTotal's database, retrieving status and metadata without divulging raw file contents. This mechanism will provide valuable context to users and organizations before they download or integrate files from the Hub.
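The hash-only lookup described above, as an added illustration that is not part of the article or of Hugging Face's or VirusTotal's own code: the artifact is hashed locally, only the digest is sent, and the response is reduced to a verdict. The VirusTotal v3 endpoint, the `x-apikey` header and the `last_analysis_stats` field names are assumptions drawn from the public API, and the sample report is constructed.

```python
import hashlib
import json
import urllib.error
import urllib.request

# VirusTotal v3 file-object endpoint (assumed from the public API docs, not from the article).
# Lookups are by digest only, so the artifact itself never leaves the host.
VT_FILE_ENDPOINT = "https://www.virustotal.com/api/v3/files/{digest}"


def artifact_sha256(source, chunk_size=1 << 20):
    """SHA-256 of a model artifact given as raw bytes or a filesystem path.

    Large checkpoints are read in chunks; only the hex digest is ever transmitted.
    """
    h = hashlib.sha256()
    if isinstance(source, (bytes, bytearray)):
        h.update(source)
        return h.hexdigest()
    with open(source, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(digest, api_key):
    """Hash-only lookup. Returns the JSON report, or None when the hash is unknown (HTTP 404)."""
    req = urllib.request.Request(VT_FILE_ENDPOINT.format(digest=digest),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def classify(report, malicious_threshold=1):
    """Reduce a report to a verdict. 'unknown' is not 'clean': the hash has simply never been scanned."""
    if report is None:
        return "unknown"
    stats = report["data"]["attributes"]["last_analysis_stats"]  # assumed VT v3 field path
    if stats.get("malicious", 0) >= malicious_threshold:
        return "malicious"
    if stats.get("suspicious", 0) > 0:
        return "suspicious"
    return "clean"


# Constructed sample report in the assumed VT v3 shape, standing in for a live lookup.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0}}}}

if __name__ == "__main__":
    print(artifact_sha256(b"constructed model bytes"), classify(SAMPLE_REPORT))
```

A digest VirusTotal has never seen yields "unknown" rather than "clean": a freshly uploaded or re-serialized artifact has no scan history, so the lookup adds context but does not by itself prove a file safe to load.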
Background and Context
The collaboration is a response to the growing need for AI security in the industry. As AI adoption grows, so do the threats targeting AI models and datasets. Malicious payloads disguised as model files or archives, compromised binaries linked to known malware campaigns, and dependencies or serialized objects that execute unsafe code when loaded are just some of the risks facing the community.
Hugging Face's vast repository hosts roughly 2.2 million public model artifacts, a volume in which risky or malicious files can easily hide. The platform's scale is fueling a wave of innovation but also reinforcing the need to secure the AI supply chain. By integrating VirusTotal's threat-intelligence capabilities, Hugging Face aims to make the machine learning community safer by design.
Why it Matters
The collaboration between Hugging Face and VirusTotal has significant implications for the industry. It promises to usher in an era of transparency, safety, efficiency, and trust within the open-source AI community. By providing unparalleled visibility into machine learning security, users can make informed decisions about file integrity, reducing the risk of malicious assets spreading.
The partnership also highlights the importance of collaboration across the community to secure AI. As Anderson and Fordyce from Cisco's Foundation AI team noted, "AI supply chain risks now permeate every stage of the AI lifecycle — from vulnerable software dependencies and malicious or backdoored model files to poisoned or non-compliant datasets." Effective security of the AI landscape requires close collaboration across the community.
What Comes Next
The collaboration between Hugging Face and VirusTotal is just the beginning. The partnership promises to democratize antimalware protection for AI models, making it accessible to developers worldwide. As a result of the collaboration, Cisco Foundation AI and Hugging Face are releasing new features, including ClamAV's ability to detect malicious code in AI models.
The future of AI security looks bright with this collaboration. By working together, industry leaders can build stronger defenses against evolving threats, making the AI landscape safer for all.
Key Facts
- Hugging Face and VirusTotal have collaborated to integrate threat-intelligence capabilities into the Hugging Face platform.
- The partnership aims to provide unparalleled visibility into machine learning security, empowering users to make informed decisions about file integrity.
- Automatic file hash comparison against VirusTotal's database will be used to retrieve status and metadata without divulging raw file contents.
- Hugging Face hosts roughly 2.2 million public model artifacts, a volume in which risky or malicious files can easily hide.
- The collaboration promises to usher in an era of transparency, safety, efficiency, and trust within the open-source AI community.