DEVOPSdigest

JFrog is partnering with Hugging Face, host of a repository of public machine learning (ML) models — the Hugging Face Hub — designed to achieve more robust security scans and analysis forevery ML model in their library.

The new integration is designed to provide higher levels of trust for scanning results by prominently displaying a “JFrog Certified” checkmark, so developers, data scientists, and ML Engineers know which models are safer to use.

“As ML models become integral to critical business applications, ensuring these models are secure is crucial for preventing breaches, data leaks, and decision-making errors,” said Asaf Karas, CTO of JFrog Security. “We’ve been working with Hugging Face since 2023 to help securely bring ML Models to production. We also found intentionally malicious models in Hugging Face in early 2024, which prompted us to dedicate more of our security experts to help scan and assess the well-being of all Hugging Face models to ensure they are safe for use in AI application development.”

JFrog Xray and JFrog Advanced Security – key components of the JFrog Software Supply Chain Platform – are designed to scan AI/ML model artifacts for threats at every stage of their lifecycle. These threats include model serialization attacks, known CVEs, backdoors, and more. Now Hugging Face will utilize JFrog Advanced Security scans in its Hugging Face Hub, allowing each model contained within the platform to be scanned in advance of being downloaded for use. The results of each scan will be prominently displayed for all users to see.

This new advanced security integration between Hugging Face and JFrog differs from existing ML model scanners due to JFrog’s malicious code decompilation and deep data flow analysis. While existing solutions simply check for automatically-executed code embedded in a model, JFrog’s model scanner uses an enhanced approach to extract and analyze the embedded code which eliminates more than 96% of false positives produced by other scanners on current Hugging Face models.

In addition, JFrog’s enhanced analysis highlighted 25 models as zero-day malicious in nature. These are machine learning models hosted in Hugging Face which were not identified as malicious by any other scanner available for Hugging Face based on our evaluation.

“For a long time, AI was a researcher’s field, and the security practices were quite basic, but as the popularity and widespread use of AI grows, so do the number of potentially bad actors who may want to target the AI community in general and our platform more specifically,” said Julien Chaumond, CTO, Hugging Face. “As the leading collaboration platform for AI models, we’re delighted to deepen our partnership with JFrog to implement high-quality scanning capabilities for our AI/ML models and deliver greater peace of mind for developers looking to create the next generation of AI-powered applications.”