Right now, Hugging Face provides a brand new mannequin on common each 7 seconds, and the platform now hosts almost 1.9 million fashions accessible to builders worldwide. This unprecedented scale — pushed by contributors globally, spanning each trusted establishments and impartial creators — fuels a wave of innovation whereas additionally reinforcing the necessity to safe the AI provide chain.
As highlighted in our earlier evaluation, AI provide chain dangers now permeate each stage of the AI lifecycle — from susceptible software program dependencies and malicious or backdoored mannequin recordsdata to poisoned or non-compliant datasets. Given this complexity, it’s more and more difficult for any single group to deal with these points alone. Efficient safety of the AI panorama requires shut collaboration throughout the group to safe AI.
Elevating AI Provide Chain Safety with Hugging Face
At Cisco, we’re on a mission to assist each group on the planet securely execute their AI technique. Right now, we’re taking this mission a step additional. We’re excited to announce a strategic relationship between the Basis AI workforce at Cisco and Hugging Face, bringing collectively the world’s main AI mannequin hub with Cisco’s experience in securing digital infrastructure.
As a part of this expanded collaboration, Cisco Basis AI will present the platform and scanning of each public file uploaded to Hugging Face — AI mannequin recordsdata and different recordsdata alike — in a unified malware scanning functionality powered by custom-fit detection capabilities in an up to date ClamAV engine.
By combining Hugging Face’s central function in open-source AI with Cisco’s complete malware scanning capabilities, this permits extra rigorous mannequin vetting, early detection of vulnerabilities, and shared risk intelligence — constructing higher belief and stronger safety throughout all the AI ecosystem.
“We’re thrilled to accomplice with Cisco Basis AI to assist safe Hugging Face customers. Now we have been scanning recordsdata with ClamAV, the free and open supply malware detection scanner from Cisco Talos, for just a few years. With ClamAV’s new replace we will now present complete safety in opposition to each conventional malware and threats distinctive to AI fashions—all with a single software. We’re grateful to Cisco to changing into our accomplice to scan all recordsdata uploaded to Hugging Face. By combining our management in open-source AI with Cisco’s deep cybersecurity experience, we’re empowering organizations and people worldwide to undertake AI with confidence”
Julien Chaumond, CTO, Hugging Face
As well as, because of our collaboration, we’re democratizing AI mannequin antimalware:
- ClamAV can now detect malicious code in AI fashions– We’re releasing this functionality to the world. Without cost. Along with its protection of conventional malware, ClamAV can now detect deserialization dangers in frequent mannequin file codecs akin to .pt and .pkl (in milliseconds, not minutes). This enhanced performance is accessible right now for everybody utilizing ClamAV.
- ClamAV is the one antivirus engine targeted on AI danger in VirusTotal– ClamAV is the one antivirus engine to detect malicious fashions in each Hugging Face and VirusTotal – a well-liked risk intelligence platform that can scan uploaded fashions.
We’re proud to ship our work on AI provide chain safety to Cisco clients and now, the higher AI and safety group. Extra is on the best way to assist defend AI builders from provide chain dangers.
Study Extra
The Cisco Basis AI workforce not too long ago launched Cerberus, a 24/7 guard for the AI provide chain. Cerberus inspects fashions as they enter Hugging Face, sharing leads to standardized risk feeds that Cisco Safety merchandise use to construct and implement granular entry insurance policies for the AI provide chain.
With the discharge of ClamAV 1.5, Cisco brings deeper visibility into the AI mannequin provide chain to the safety group. ClamAV 1.5 provides native assist for figuring out AI mannequin recordsdata throughout scanning to permit for model-specific detection logic and safer dealing with of embedded threats. Along with our signature updates (which don’t require ClamAV 1.5) to ClamAV, ClamAV is now positioned as a foundational software for securing the rising AI mannequin ecosystem. These capabilities are additionally accessible throughout the Cisco portfolio of merchandise with our Talos risk intelligence providers.
Customers of Cisco Safe Entry can configure how you can present entry to Hugging Face repositories, block entry to potential threats in AI fashions, block AI fashions with dangerous licenses, and implement compliance insurance policies on AI fashions that originate from delicate organizations or politically delicate areas.
We beforehand launched protections for Safe Endpoint, Safe E mail Risk Protection, Safe Entry and Safe Firewall. All current customers of Cisco Safe Endpoint and E mail Risk Protection are protected in opposition to malicious AI Provide Chain artifacts.
For extra info on the Basis AI workforce, try our web site and be at liberty to ship us a message!
We’d love to listen to what you assume! Ask a query and keep related with Cisco Safety on social media.
Cisco Safety Social Media
Share:
