近日,知名AI模型平台Hugging Face被曝出存在API令牌漏洞,这让黑客有了可乘之机,可以获取包括微软、谷歌、Meta等公司在内的大量企业模型库权限。网络安全公司Lasso Security在调查过程中发现了这一问题。
这个漏洞的存在让黑客能够访问Hugging Face平台上的模型库,对训练数据进行污染,或者窃取、修改AI模型。这对于广大使用该平台的用户和企业来说,无疑是一个严重的安全风险。
Hugging Face是一家总部位于美国的AI技术公司,提供了一套完整的AI模型开发、部署和管理解决方案。该公司表示,他们已经在得知漏洞后采取了一系列措施,以保障用户数据和模型的安全。
这一事件再次提醒我们,随着AI技术的广泛应用,网络安全问题也越来越重要。企业和开发者需要不断提高安全意识,防范潜在的网络风险。
Title: Hugging Face AI platform reveals API token vulnerability
Keywords: AI platform, Hugging Face, API vulnerability, model library permissions, Microsoft, Google, Meta
News content:
Recently, the well-known AI model platform Hugging Face has exposed a vulnerability in its API tokens, allowing hackers to gain access to the model library permissions of numerous companies including Microsoft, Google, and Meta. The security company Lasso Security discovered this issue during its investigation.
The existence of this vulnerability allows hackers to contaminate training data, steal or modify AI models on the Hugging Face platform. This poses a serious security risk for both individuals and organizations using the platform.
Hugging Face is an AI technology company headquartered in the United States that provides a complete solution for AI model development, deployment, and management. The company states that they have taken various measures to ensure the security of user data and models since learning of the vulnerability.
This event reminds us once again that with the widespread application of AI technology, network security becomes increasingly important. Enterprises and developers need to continuously improve their security awareness to prevent potential network risks.
【来源】https://www.ithome.com/0/737/128.htm
Views: 1