Major Organizations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens

AI cybersecurity startup Lasso has discovered more than 1,600 valid Hugging Face API tokens exposed in code repositories, providing access to hundreds of organizations' accounts.
Leaked secrets, such as tokens, have long been the focus of code-hosting platforms and security researchers, given the high risk they pose when falling into the wrong hands.
Hugging Face API tokens, which allow developers and organizations to integrate large language models and manage Hugging Face repositories, are no different.
A provider of tools for building machine learning applications, Hugging Face is a popular resource for the developers of LLM projects, providing them with access to hundreds of thousands of AI models and datasets in its repository.
In November 2023, Lasso's researchers started hunting for exposed Hugging Face API tokens on both Hugging Face and GitHub, eventually identifying 1,681 leaked valid tokens across both platforms.
These tokens, the researchers say, provided access to 723 organizations' accounts, some pertaining to large organizations such as Google, Meta, Microsoft, VMware, and others.
Some of the tokens, the security firm says, provided full access to the accounts of organizations that own models with millions of downloads.
The leaked tokens, Lasso says, also expose the repositories to private model theft and to training data poisoning, an attack technique that compromises the integrity of ML models.
During Lasso's investigation, Hugging Face deprecated its org API tokens and blocked their use in its Python library.
While this essentially removed write permissions to the impacted repositories, it did not block read permissions.
Lasso says it has informed the affected users and organizations of its findings and that many of them took immediate action, revoking the tokens and removing the code that exposed them publicly.
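As an added example, not code from Lasso's report or from Hugging Face, the following pre-commit style scanner flags candidate Hugging Face tokens in repository files and produces a redacted copy that is safe to log. It assumes the tokens carry an `hf_` prefix followed by a run of letters and digits (the exact length is not stated on the page), and the sample files it scans are constructed.

```python
import re
from dataclasses import dataclass

# Assumption: Hugging Face user access tokens start with "hf_" followed by a
# run of letters and digits. Requiring 20+ characters avoids short false hits.
HF_TOKEN_RE = re.compile(r"\bhf_[A-Za-z0-9]{20,}\b")
# Documentation placeholders that look like tokens but carry no secret.
PLACEHOLDER_RE = re.compile(r"(xxxx|your[_-]?token|example|redacted)", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    line_no: int
    masked: str  # prefix and suffix only, never the full token


def mask(token: str) -> str:
    """Keep enough of the token to identify it in a revocation ticket, no more."""
    return token[:6] + "..." + token[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per candidate token, skipping obvious placeholders."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in HF_TOKEN_RE.finditer(line):
            token = match.group(0)
            if PLACEHOLDER_RE.search(token):
                continue
            findings.append(Finding(path, line_no, mask(token)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file contents, e.g. the staged files of a commit."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


def redact_text(text: str) -> str:
    """Produce a copy with every candidate token masked, suitable for logs or reports."""
    return HF_TOKEN_RE.sub(lambda m: mask(m.group(0)), text)


# Constructed sample inputs; the token values are synthetic, not from the report.
SAMPLE_FILES = {
    "train.py": 'from huggingface_hub import login\nlogin(token="hf_' + "A" * 34 + '")\n',
    ".env": "HF_TOKEN=hf_" + "b" * 30 + "\n",
    "README.md": "export HF_TOKEN=hf_" + "x" * 34 + "\n",  # placeholder, not a leak
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(f"{finding.path}:{finding.line_no}: candidate token {finding.masked}")
```

A hit in a committed file means the token must be treated as compromised and revoked, since rewriting history does not undo earlier exposure.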


This Cyber News was published on www.securityweek.com. Publication date: Tue, 05 Dec 2023 17:13:22 +0000

