Lasso Security Uncovers Critical Vulnerabilities in Hugging Face Repositories Exposing Sensitive AI Assets

Lasso Security reported that misconfigurations and access control issues in thousands of public and private Hugging Face repositories exposed secrets, API keys, model weights, and training data belonging to organizations using the platform.[rich_content:0] The researchers demonstrated that attackers could leverage these exposed assets to steal proprietary models, compromise SaaS and cloud resources, or poison AI supply chains.[rich_content:0] Hugging Face responded by rotating affected credentials, tightening repository permissions, and introducing new security tooling and guidance for users.[rich_content:0]

According to Lasso Security, misconfigurations and access control issues in thousands of Hugging Face repositories exposed secrets, API keys, model weights, and training data, enabling potential theft of proprietary models, compromise of SaaS and cloud resources, and large-scale AI supply chain attacks.[1][2][6] Hugging Face reportedly responded by rotating affected credentials, tightening permissions, and adding security tooling and guidance for users. From a CyberSE.AI perspective, this is primarily an AI supply chain and SaaS exposure issue: organizations relying on third-party model hubs need rigorous SBOM, token management, and access control reviews, as well as continuous monitoring for exposed credentials and unauthorized changes to models or datasets. CyberSE.AI would recommend formalizing supplier risk assessments for AI platforms, enforcing secrets scanning in CI/CD, and implementing provenance and integrity checks (e.g., signed models/datasets) so that any tampering or unauthorized model access is quickly detected and contained.