AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products

Researchers from Palo Alto Networks have identified a new AI supply chain attack called ‘Model Namespace Reuse,’ which exploits the deletion or transfer of model names on platforms like Hugging Face to deploy malicious AI models under a name that downstream code still trusts. The attack demonstrates significant risk to cloud platforms such as Google Vertex AI and Microsoft Azure AI Foundry, as well as to open source repositories, highlighting weaknesses in how the AI ecosystem resolves model references by name alone.

Key points

  • The ‘Model Namespace Reuse’ attack involves registering deleted or transferred model names to deploy malicious models.
  • Threat actors can execute arbitrary code, including reverse shells, by exploiting this registration process.
  • The attack has been demonstrated against Google’s Vertex AI and Microsoft’s Azure AI Foundry platforms.
  • Many open source repositories referencing vulnerable models remain susceptible without proper safeguards.
  • Mitigation strategies include pinning models to specific commits and scanning code for risky references.

Read More: https://www.securityweek.com/ai-supply-chain-attack-method-demonstrated-against-google-microsoft-products/