# 🛡️ Veritensor: AI Supply Chain Security

Veritensor is the Zero-Trust security tool for the AI Supply Chain. It replaces naive model scanning with deep AST analysis and cryptographic verification. Unlike standard antiviruses, Veritensor understands AI formats (Pickle, PyTorch, Keras, GGUF, Wheels) and ensures that your models:

- **Are Safe:** Do not contain malicious code (RCE, Reverse Shells, Lambda injections).
- **Are Authentic:** Have not been tampered with (Hash-to-API verification against Hugging Face).
- **Are Compliant:** Do not violate commercial license terms (e.g., CC-BY-NC, AGPL).
- **Are Trusted:** Can be cryptographically signed before deployment.

## 🚀 Features

- **Deep Static Analysis:** Decompiles Pickle bytecode and Keras Lambda layers to find obfuscated attacks (e.g., STACK_GLOBAL exploits). Now supports deep scanning of Zip archives (PyTorch) and Python Wheels.
- **Identity Verification:** Automatically verifies model hashes against the official Hugging Face registry to detect Man-in-the-Middle attacks.
- **License Firewall:** Blocks models with restrictive licenses (e.g., Non-Commercial, AGPL). Veritensor performs a hybrid check: it inspects embedded file metadata first, and automatically falls back to the Hugging Face API if metadata is missing (requires `--repo`).
- **Supply Chain Security:** Integrates with Sigstore Cosign to sign Docker containers. Includes timestamps to prevent replay attacks.
- **CI/CD Native:** Ready for GitHub Actions, GitLab, ...
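To show what the static-analysis feature above is looking for, here is an added example (not Veritensor's own code) that walks a pickle opcode stream with `pickletools.genops` and flags `GLOBAL`/`STACK_GLOBAL` imports outside an allowlist, plus the `REDUCE` that would call them, without ever unpickling. The allowlist and the hand-assembled sample stream are constructed for this example.

```python
import pickle
import pickletools

# Top-level modules a clean checkpoint may legitimately import while unpickling.
# Assumption for this example; a real scanner uses a larger, format-specific list.
ALLOWED_ROOTS = {"torch", "collections", "numpy"}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data: bytes) -> list[tuple[int, str, str]]:
    """Return (offset, opcode, detail) for every disallowed import and every
    call that would invoke one. Only the opcode stream is read; nothing runs."""
    findings = []
    strings = []            # string constants pushed so far (approximate stack view)
    suspicious_import = None  # last "module.attr" that fell outside the allowlist
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":              # protocols 0-3: "module attr" inline
            module, attr = arg.split(" ", 1)
            suspicious_import = _check(module, attr, pos, op.name, findings)
        elif op.name == "STACK_GLOBAL":        # protocol 4+: module/attr taken from the stack
            module, attr = (strings[-2], strings[-1]) if len(strings) >= 2 else ("?", "?")
            suspicious_import = _check(module, attr, pos, op.name, findings)
        elif op.name in CALL_OPS and suspicious_import:
            findings.append((pos, op.name, f"calls {suspicious_import}"))
    return findings


def _check(module, attr, pos, opname, findings):
    target = f"{module}.{attr}"
    if module.split(".")[0] in ALLOWED_ROOTS:
        return None
    findings.append((pos, opname, f"imports {target}"))
    return target


# Constructed samples: a benign dict, and a hand-assembled protocol-4 stream that
# resolves os.system via STACK_GLOBAL and REDUCEs it with an empty argument tuple.
CLEAN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
SUSPICIOUS = (b"\x80\x04"        # PROTO 4
              b"\x8c\x02os"      # SHORT_BINUNICODE "os"
              b"\x8c\x06system"  # SHORT_BINUNICODE "system"
              b"\x93"            # STACK_GLOBAL -> os.system
              b")"               # EMPTY_TUPLE
              b"R"               # REDUCE -> would call os.system()
              b".")              # STOP

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        print(label, scan_pickle(blob))
```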
First seen: 2026-01-25 12:54
Last seen: 2026-01-25 12:54