2 min read

Hugging Face says AI agent breached production systems

Hugging Face says a fully autonomous AI agent carried out a multi-stage attack on its production infrastructure and accessed some internal data.

Image: TechRepublic

Hugging Face says it contained a high-velocity cyberattack on its production infrastructure that was carried out by a fully autonomous AI agent targeting AI supply chain systems.

In a security disclosure published Thursday, the company said attackers exploited weaknesses in its data-processing pipeline and gained unauthorized access to a limited number of internal datasets and several service credentials. Hugging Face said it is still investigating whether any customer or partner information was affected and will notify impacted parties directly if needed.

The company said it has found no evidence that public models, datasets, Spaces, container images, or published software packages were altered.

Recommended reading

CISA Flags Two Critical FortiSandbox Bugs Under Attack

How the attack moved through Hugging Face systems

According to Hugging Face, the breach started when a malicious dataset abused two code-execution paths in its dataset-processing system. The attackers then elevated privileges, collected cloud and cluster credentials, and moved across multiple internal clusters over a weekend.

Hugging Face said the campaign was executed by an autonomous agent framework that performed thousands of actions across short-lived computing environments while shifting its command-and-control infrastructure across public services. The company said the activity matches the long-discussed “agentic attacker” scenario, in which AI systems independently run complex, multi-stage operations at machine speed.

AI-assisted investigation and response

Hugging Face said its own AI-assisted security systems first flagged the intrusion by analyzing security telemetry for suspicious patterns. Investigators then used AI-driven analysis to review more than 17,000 attacker events, reconstruct the timeline, identify compromised credentials, and separate real damage from misleading activity.

The company also said commercial AI models were initially hard to use during the investigation because safety guardrails blocked analysis involving real attack commands and exploit data. Investigators instead used the open-weight GLM 5.2 model running on Hugging Face infrastructure.

After the incident, the company said it:

  • closed the vulnerable code-execution paths
  • rebuilt affected systems
  • revoked compromised credentials
  • tightened cluster security controls
  • strengthened detection and alerting systems

Hugging Face said it is also working with outside cybersecurity forensic specialists and has reported the incident to law enforcement. As a precaution, it is advising users to rotate access tokens and review recent account activity.

The company’s investigation is ongoing. For organizations building or deploying AI systems, the disclosure is a sharp warning that data pipelines — not just models — have become critical security targets.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TechRepublic

// Keep reading