
Hugging Face AI Models Vulnerable to Tokenizer File Manipulation
Tags: Cybersecurity, Supply Chain, AI Security, Data Theft
A tokenizer library file shipped with Hugging Face AI models can be altered to manipulate model outputs and exfiltrate data. The attack involves modifying a single file within the model package, which gives the attacker unauthorized control over the model's behavior. No specific threat actors, dates, or CVE identifiers were mentioned in the report. The vulnerability affects Hugging Face-hosted AI models, particularly those that load the compromised tokenizer component. The impact includes potential data theft and malicious output generation. The technique highlights the supply chain integrity risk of AI model dependencies: the tokenizer is loaded alongside the weights, so a change to that one file is enough to alter what the model sees and emits.
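The defensive counterpart to the report is integrity verification of the tokenizer file before it is loaded. The following is an added example written for this page; it is not code from the report or from Hugging Face. It pins the SHA-256 of `tokenizer.json` in a local manifest, and when the pin does not match it diffs the candidate file against a trusted baseline so a reviewer sees what changed (vocabulary entries, special tokens, pipeline components) rather than just a hash mismatch. It assumes the file follows the `tokenizer.json` layout used by the `tokenizers` library (a `model.vocab` mapping and an `added_tokens` list); the baseline document and the tampered copy are constructed inline.

```python
"""Pin and diff a model's tokenizer.json before loading it.

Added example, not part of the original report. Assumes the
tokenizer.json layout of the `tokenizers` library: "model.vocab"
is a token->id mapping and "added_tokens" is a list of dicts
with a "content" key. All sample data below is constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path

PIPELINE_KEYS = ("normalizer", "pre_tokenizer", "post_processor", "decoder")


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large vocab files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pinned(path: Path, manifest: dict) -> bool:
    """True only if the file is listed in the manifest and its hash matches."""
    expected = manifest.get(path.name)
    return expected is not None and sha256_file(path) == expected


def tokenizer_drift(baseline: dict, candidate: dict) -> dict:
    """Summarise how a candidate tokenizer.json differs from the trusted one."""
    base_vocab = baseline.get("model", {}).get("vocab", {})
    cand_vocab = candidate.get("model", {}).get("vocab", {})
    base_special = {t["content"] for t in baseline.get("added_tokens", [])}
    cand_special = {t["content"] for t in candidate.get("added_tokens", [])}
    return {
        # tokens that appeared, vanished, or now map to a different id
        "vocab_added": sorted(set(cand_vocab) - set(base_vocab)),
        "vocab_removed": sorted(set(base_vocab) - set(cand_vocab)),
        "vocab_remapped": sorted(
            t for t in base_vocab if t in cand_vocab and base_vocab[t] != cand_vocab[t]
        ),
        # special/added tokens control things like BOS/EOS handling
        "special_added": sorted(cand_special - base_special),
        "special_removed": sorted(base_special - cand_special),
        # normaliser / pre-tokeniser / post-processor / decoder changes
        "components_changed": sorted(
            k for k in PIPELINE_KEYS if baseline.get(k) != candidate.get(k)
        ),
    }


def check_tokenizer(path: Path, manifest: dict, baseline: dict) -> dict:
    """Gate for a model loader: pass on a pin match, otherwise explain the drift."""
    ok = verify_pinned(path, manifest)
    report = {"pinned_hash_ok": ok, "drift": None}
    if not ok:
        with open(path, encoding="utf-8") as f:
            report["drift"] = tokenizer_drift(baseline, json.load(f))
    return report


# Constructed trusted baseline (tiny WordLevel tokenizer).
BASELINE = {
    "version": "1.0",
    "added_tokens": [
        {"id": 0, "content": "<s>", "special": True},
        {"id": 1, "content": "</s>", "special": True},
    ],
    "normalizer": None,
    "pre_tokenizer": {"type": "Whitespace"},
    "post_processor": None,
    "decoder": None,
    "model": {"type": "WordLevel", "unk_token": "<unk>",
              "vocab": {"<s>": 0, "</s>": 1, "hello": 2, "world": 3}},
}


def demo() -> dict:
    """Write the baseline, pin it, then overwrite it with a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tok = Path(tmp) / "tokenizer.json"
        tok.write_text(json.dumps(BASELINE, sort_keys=True), encoding="utf-8")
        manifest = {"tokenizer.json": sha256_file(tok)}  # the pin
        clean = check_tokenizer(tok, manifest, BASELINE)

        # Constructed tampering: remap one token, add a new special token,
        # and swap the pre-tokenizer. Each is the kind of single-file
        # change that alters what the model sees or emits.
        tampered = json.loads(json.dumps(BASELINE))
        tampered["model"]["vocab"]["world"] = 2
        tampered["model"]["vocab"]["<extra>"] = 4
        tampered["added_tokens"].append({"id": 4, "content": "<extra>", "special": True})
        tampered["pre_tokenizer"] = {"type": "Sequence", "pretokenizers": []}
        tok.write_text(json.dumps(tampered, sort_keys=True), encoding="utf-8")
        drifted = check_tokenizer(tok, manifest, BASELINE)
    return {"clean": clean, "tampered": drifted}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the manifest and baseline would be committed alongside the code that loads the model, not fetched from the same place as the model files, so that a replaced tokenizer cannot also replace its own pin. The drift report is what an alert or a code review should carry: a remapped token or a changed `pre_tokenizer` block is the evidence, the hash mismatch is only the trigger.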