据安全公司 Lasso Security 报道,AI 模型平台 Hugging Face 上存在 API 令牌漏洞,黑客可获取微软、谷歌、Meta 等公司的令牌,并能够访问模型库,污染训练数据或窃取、修改 AI 模型。该漏洞影响范围广泛,且攻击者可以利用该漏洞获取敏感信息,危害 AI 模型的安全。
Hugging Face 是一个知名的 AI 模型平台,提供了各种开源的 AI 模型,供人们使用和训练。然而,该平台近期发现 API 令牌漏洞,令黑客有机可乘。攻击者可通过该漏洞获取到 Microsoft、谷歌等公司的令牌,进而访问其模型库,造成数据污染或篡改 AI 模型。
此次漏洞影响范围十分广泛,不仅对 AI 模型的安全造成了威胁,也对数据安全和隐私保护提出了警示。安全公司 Lasso Security 表示,已向 Hugging Face 反馈了该漏洞,并呼吁用户尽快更新 API 密钥,以避免进一步损失。
此外,AI 模型平台 Hugging Face 也表示,将尽快修复该漏洞,加强安全措施,为用户提供更加安全、可信的服务。
英文翻译:
Title: AI Platform Hugging Face’s API Token Vulnerability, Hackers Can Access Microsoft, Google, and Meta’s Model Libraries
Keywords: Hugging Face, API token vulnerability, Microsoft, Google, security company, Lasso Security, model library, polluted training data, steal AI models
News content:
According to a report by security company Lasso Security, there is an API token vulnerability in the AI platform Hugging Face, which allows hackers to obtain tokens from Microsoft, Google, and other companies and access their model libraries. This can lead to data pollution or the theft and modification of AI models. The vulnerability affects a wide range of AI models and can pose a threat to the security of AI models.
Hugging Face is an influential AI model platform that provides various open-source AI models for use and training. However, recent reports have revealed an API token vulnerability in the platform, which can be exploited by attackers to obtain tokens from other companies and access their model libraries. This can result in data pollution or the theft and modification of AI models.
The impact of this vulnerability is widespread and can pose a threat to the security of AI models as well as data security and privacy protection. Lasso Security has urged users to update their API keys immediately to avoid further losses.
Furthermore, the AI platform Hugging Face has also stated that it will soon fix the vulnerability and strengthen security measures to provide more secure and reliable services for users.
【来源】https://www.ithome.com/0/737/128.htm
Views: 1