Flaw in AI Libraries Exposes Models to Remote Code Execution

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face. Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

First seen on govinfosecurity.com

Jump to article: www.govinfosecurity.com/flaw-in-ai-libraries-exposes-models-to-remote-code-execution-a-30519