
Hugging Face in the Media
41 mentions across press, blogs, and newsletters
July 2026
Hugging Face CEO Says Enterprises Are Done Renting AI
Clem Delangue has a pitch he repeats often enough that it now sounds like a mission statement: companies start on frontier APIs because it's easy, then the bill arrives, and they migrate to open models they can actually own. He made the case again this week on TechCrunch's Equity podcast, and the
NVIDIA and Hugging Face Bring New Models and Frameworks to LeRobot for the Open Robotics Community
Open source AI has shown how quickly developers can innovate when models, data and tools are shared. Robotics has the same opportunity, but advancements in physical AI development can still be gated by costly and fragmented resources, from large datasets and robot foundation models to simulation, co
June 2026
Hugging Face hosts nudification tools targeting a former Trump cabinet official and other senior US political figures
The tools are explicitly intended for generating deepfake nudes of a former Trump cabinet official, sitting members of Congress and a top American judge, a Transformer investigation found
Open Source Growth Boosts Together AI, Hugging Face
Anthropic and OpenAI are booming, but so are providers of open-source AI models and other cheaper alternatives, thanks to businesses using open-source to control their costs, we reported in detail this
Exclusive: Github and Hugging Face founders back AI agent startup Zaro’s $5.1m raise
London-based Zaro, which helps customers build custom AI agents, has raised a $5.1m round led by Cherry Ventures.
Critical Vulnerability in Hugging Face Transformers Enables Remote Code Execution Attacks
A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine
Hugging Face Vulnerability Allows Remote Code Execution
Hugging Face flaw allows RCE from malicious AI models. The post Hugging Face Vulnerability Allows Remote Code Execution appeared first on <a href="https://www.esecurityplanet.com
Critical vulnerability in Hugging Face Transformers library allowed arbitrary code execution
The vulnerability, tracked as CVE-2026-4372, was exploitable through a standard model-loading command, even when Hugging Face’s recommended security setting "trust_remote_code=False" was enabled.
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs
A hig
Critical Hugging Face Transformers flaw ran attacker code on a routine model load
Pluto Security Inc. today disclosed a critical remote code execution vulnerability in Hugging Face Inc.’s Transformers library that allowed attacker-controlled artificial intelligence models to run arbitrary code on a victim’s machine. The flaw fired through a standard model-loading c
Open-Source AI, Hugging Face, and the Building Blocks of Modern AI Development
Open-source AI has made it much easier for developers to experiment with powerful models without building everything from scratch. Today, we have access to platforms, libraries, and tools that allow us to run text models, audio models, image-generation models, and even large language mode
May 2026
Hugging Face security analysis: ~70,000 live secrets and API keys, private repos, and leaky pics! 🤖🤗💦🔑😈
In his recent research, security researcher Dylan Ayrey presents the hidden security, privacy, and legal risks within the massive AI ecosystem surrounding Hugging Face, especially the various GitHub datasets that contain API keys, passwords, and other secrets.
Hugging Face’s new $2.5k LeRobot Humanoid brings 3D-printed robotics within reach
Humanoid robots remain out of reach for most people due to their high cost, often...
Hugging Face Hiding Second-Stage Malware for npm Supply Chain Attack
Tushar Subhra Dutta reports: Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into
Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack
Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into a malware delivery channel
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltratio
Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended
A lookalike repository impersonating OpenAI's Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face pulled it.
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
Hugging Face hosted malicious software masquerading as OpenAI release
A malicious Hugging Face repository that posed as an OpenAI release delivered infostealer malware to Windows machines and recorded about 244,000 downloads before removal, according to research from AI security firm HiddenLayer. The number of downloads may have been artificially inflated by the at
Malicious Hugging Face Repository Typosquats OpenAI
HiddenLayer reveals infostealer malware in a Hugging Face repository
A fake OpenAI repository has taken top spot on Hugging Face — but all it does is push infostealer malware
Its popularity may have been faked, though, as the "likes" all came from auto-generated accounts.
Trending Hugging Face Repository With 200k Downloads Executes Malware on Windows Machines
A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named “Open-OSS/privacy-filter,” had racked up over 200,000 downloads before the platform’s team stepped in and removed it. The m
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
A mal
Fake OpenAI Hugging Face OpenAI Repo Pushed Infostealer Malware
A fake OpenAI-branded Hugging Face
Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware
A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundreds of likes befor
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, r
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. [...]
Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from tradition
Hugging Face launches robot app store
Open-source AI platform Hugging Face will formally launch an app store Wednesday for its Reachy Mini robot, CEO Clément Delangue tells Axios.Why it matters: The goal is to help nontechnical people create customized uses for the open-source robot, Delangue
The app store for robots has arrived: Hugging Face launches open-source Reachy Mini App Store with 200+ apps
There's an app for nearly every imaginable user and use case these days, but one thing they all have in common is that they're centered around one device: the smartphone. That changes today as Hugging Face , the 10-year-old New York City startu
Hugging Face, ClawHub Abused for Malware Distribution
Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions. The post Hugging Face, ClawHub Abused for Malware Distribution appeared f
April 2026
Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks
A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attack
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), w
Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend
A rogue npm package named js-logger-pack has been caught quietly turning Hugging Face, a widely trusted AI model hosting platform, into both a malware delivery network and a stolen data storage backend. The campaign marks a clear shift in how attackers abuse legitimate cloud services to run suppl
Malicious npm Package Hijacks Hugging Face for Malware Delivery
Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campaign phases already used Hugging Face as a simp
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry point for thr
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Attackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high‑value infection points. The campaign combines pre-auth RCE, credential theft, lateral movem
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]
February 2026
Open-Source llama.cpp Finds Long-Term Home at Hugging Face
ggml.ai has joined Hugging Face to
ggml.ai joins Hugging Face to ensure the long-term progress of Local AI
ggml.ai joins Hugging Face to ensure the long-term progress of Local AI I don't normally cover acquisition news like this, but I have some thoughts. It's hard to overstate the impact Georgi Gerganov
Toolradar Research
See Hugging Face in context: The SaaS Press Index 2026
We analyzed 6,704 press mentions across 290 outlets to rank which SaaS tools win coverage. Find Hugging Face's position relative to the 488 most-covered tools.
Read the reportExplore Hugging Face
Press coverage is one signal. See the full picture.