New AI supply chain attack targets deleted model names
Researchers discovered a “Model Namespace Reuse” attack in which threat actors register the names of deleted or transferred AI models on platforms like Hugging Face and use them to deploy malicious code. The attack was successfully demonstrated against Microsoft’s Azure AI Foundry and Google’s Vertex AI, where attackers gained access to the underlying cloud infrastructure by exploiting orphaned model references. Thousands of open source repositories remain vulnerable to this technique, which exploits the common practice of referencing a model only by its author/name string. To prevent exploitation, security experts recommend pinning models to specific commits and storing them in trusted locations rather than fetching them from third-party services.