News
CAPACITY TEST:

Hugging Face Says AI Agent Drove Production Infrastructure Intrusion

Newsroom brief

Hugging Face said an autonomous AI agent system drove an intrusion into part of its production infrastructure, reaching internal datasets and service credentials. The company said public models, datasets and Spaces were not tampered with, while its assessment of partner or customer data remains unfinished.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
Hugging Face Says AI Agent Drove Production Infrastructure Intrusion
Image source: Hugging Face Blog

An autonomous AI agent system drove an intrusion into part of Hugging Face’s production infrastructure, according to the company’s July 2026 security disclosure.

The incident involved unauthorised access to a limited set of internal datasets and several service credentials.

Hugging Face reported no evidence of tampering with public user-facing models, datasets or Spaces, and its disclosure listed container images and published packages as verified clean.

Malicious Dataset Reached Processing Infrastructure

The intrusion began in Hugging Face’s data-processing pipeline.

The disclosure identified two abused code-execution paths: a remote-code dataset loader and template injection in a dataset configuration.

Those paths let code run on a processing worker.

After that access, the actor obtained node-level privileges, collected cloud and cluster credentials, and moved across several internal clusters during a weekend.

The disclosure described the campaign as the work of an autonomous agent framework that appeared to be built on an agentic security-research harness.

The model used by the attacker remains unknown, and the campaign executed many thousands of actions across short-lived sandboxes.

Credentials Rotated And Entry Paths Closed

The remediation closed the dataset code-execution paths used for initial access and removed the attacker’s foothold from affected clusters.

Compromised nodes were rebuilt, and affected credentials and tokens were revoked and rotated.

The remediation also included a broader precautionary rotation of secrets, stricter admission controls on clusters and high-severity alerting designed to page a responder in minutes.

Hugging Face is working with outside cybersecurity forensic specialists and has reported the incident to law enforcement agencies.

For users, the company recommended rotating access tokens and reviewing recent account activity.

The disclosure gave [email protected] as the contact point for affected users or security reports.

LLM Analysis Rebuilt More Than 17,000 Events

AI-assisted detection first surfaced the compromise, according to the disclosure.

Its anomaly-detection pipeline uses LLM-based triage over security telemetry, and correlated signals flagged the incident.

The response team then ran LLM-driven analysis agents over the attacker action log, which contained more than 17,000 recorded events.

That review reconstructed the timeline, extracted indicators of compromise, mapped touched credentials and separated genuine impact from decoy activity.

Hosted frontier-model APIs were not used for the forensic review after providers’ safety guardrails blocked requests containing real attack commands, exploit payloads and command-and-control artefacts.

The response team instead ran the analysis on GLM 5.2, an open-weight model, on company infrastructure so attacker data and referenced credentials did not leave that environment.

Undisclosed items include any affected partner or customer data, the model that powered the attacker’s agents, and any law-enforcement attribution for the actor.

Share this article
inXf

Related articles

More
Sysdig Says AI Ransomware Still Needed Human Setup
Cybersecurity

Sysdig Says AI Ransomware Still Needed Human Setup

Sysdig described JadePuffer as agentic ransomware, but Michael Clark said a human still chose the victim, provisioned infrastructure and supplied database credentials before the AI agent executed the attack.

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda
Cybersecurity

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda

CISA added exploited Android and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. The Android flaw affects Android 14 through 16, while the Linux issue centers on older kernel branches and cgroups v1 container environments. The immediate test is whether agencies and infrastructure operators apply vendor updates or mitigations by CISA's June 5 deadline.

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem
Cybersecurity

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem

Palo Alto Networks shares fell more than 4% after stronger quarterly results and current-quarter guidance failed to satisfy investors looking for faster AI-linked earnings upside. CEO Nikesh Arora reiterated a fiscal 2030 target of more than 4,000 platformizations and a USD 20 billion NGS ARR goal. The practical question is whether AI-related security demand turns into NGS ARR progress as data center infrastructure is ordered, installed and brought online.

CISA Tightens GitHub Controls After May AWS Key Leak
Cybersecurity

CISA Tightens GitHub Controls After May AWS Key Leak

CISA said privileged AWS GovCloud keys from a contractor appeared in a public GitHub repository in May, prompting secret rotation, repository monitoring and new incident playbooks. The agency said logs showed no customer or mission data exposure, but it did not name the contractor, repository, exposure window or exact AWS permissions.

IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline
Cybersecurity

IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline

Japan’s Information-technology Promotion Agency published a Japanese translation of CISA’s Cross-Sector Cybersecurity Performance Goals Version 2.0 for domestic critical infrastructure operators. The guidance covers IT and operational technology, maps goals to NIST CSF 2.0, and frames the controls as minimum practices rather than a full cybersecurity program. The practical question is whether asset owners use the worksheet to rank gaps by cost, complexity and impact, then review progress after 12 months.

AI Coding Push Turns Developers Into a Prime Cybersecurity Target
Cybersecurity

AI Coding Push Turns Developers Into a Prime Cybersecurity Target

A Japanese @IT analysis says attackers are increasingly targeting developers because AI coding tools, OSS, CI/CD pipelines and cloud services concentrate valuable credentials around them. The report highlights vulnerable AI-generated code, fake recruiting approaches, polluted open-source packages and GitHub Actions-style automation attacks. The practical warning is that companies need stronger identity, dependency and workflow controls rather than relying only on individual developer caution.

Keep Reading

More Stories

Latest
Palm Beach Rejects 600 MW Project Tango AI CampusCloud & Data CentersJul 17, 2026Palm Beach Rejects 600 MW Project Tango AI CampusData Center Knowledge reported that Palm Beach County commissioners voted 5–1 to reject Project Tango, a proposed 600 MW AI data centre campus. Jefferies tied Florida Power & Light’s plan through 2032 to about 6 GW of prospective data centre load, while the project can return with a revised proposal.CapBay And MDEC Open RM200 Million Debt Pool For Malaysian Tech FirmsFintech & Digital PaymentsJul 17, 2026CapBay And MDEC Open RM200 Million Debt Pool For Malaysian Tech Firmse27 reported that CapBay and MDEC opened a RM200 million (~US$47.1 million) debt financing pool for Malaysia Digital-status technology companies. The programme offers applications of up to RM3 million and uses AI credit assessment, but participating borrowers and disbursement timing remain undisclosed.Abu Dhabi Tabadul Hub Adds Botswana As First African MarketCapital & PolicyJul 17, 2026Abu Dhabi Tabadul Hub Adds Botswana As First African MarketEconomy Middle East reported that the Botswana Stock Exchange signed an agreement with Abu Dhabi Securities Exchange Group to become Tabadul’s 11th market and first African participant. ADX said the hub covers more than $1 trillion in combined market capitalisation, but the report did not give an integration date or list the first tradable Botswana instruments.Walden Robotics Raises $300M For Wheeled Factory RobotsAIJul 17, 2026Walden Robotics Raises $300M For Wheeled Factory RobotsAI Business reported that Walden Robotics emerged from stealth with $300 million in seed funding, a $1.1 billion valuation and robots already working at a Toyota plant in North America. The company has not named order volumes, contract values, robot counts or deployment dates beyond the Toyota site.Amazon Data Centre In Telangana Draws Rs 1 Lakh Crore Investment RequestCloud & Data CentersJul 17, 2026Amazon Data Centre In Telangana Draws Rs 1 Lakh Crore Investment RequestPress Trust of India reported that Telangana Chief Minister A Revanth Reddy laid the foundation stone for an Amazon data centre at Bharat Future City and asked the company to invest Rs 1 lakh crore by 2034. The report lists Amazon India cloud targets, but not the site capacity, anchor customers or power arrangements.General Compute Lands $400 Million Loan For Inference ChipsCloud & Data CentersJul 17, 2026General Compute Lands $400 Million Loan For Inference ChipsTechCrunch reported that General Compute landed a $400 million Upper90 loan backed by inference-specific chips, extending chip-backed AI infrastructure financing beyond GPUs. The company did not disclose chip quantities, loan pricing, customer contracts, utilisation commitments or revenue.Nvidia Japan AI Factory Plan Lists 140MW CapacityCloud & Data CentersJul 17, 2026Nvidia Japan AI Factory Plan Lists 140MW CapacityTech Wire Asia reported that Nvidia’s Japan expansion includes a 140-megawatt AI factory using 13,750 Vera CPUs and 27,500 Rubin GPUs for the METI-backed FRONTia Project. The report did not name the site, capital cost, power supplier, construction timetable or first enterprise workloads.South Korea Targets Year-End Launch For Security AI ModelAIJul 17, 2026South Korea Targets Year-End Launch For Security AI ModelThe Register reported that South Korea is developing a security-focused AI model for sovereign bug-finding capability, with Deputy Prime Minister Bae Kyung-hoon linking the work to Anthropic Mythos. The report did not disclose the training dataset, project budget, benchmarks or deployment terms.Open-Weight AI Model Backdoor Test Costs Less Than $100AIJul 17, 2026Open-Weight AI Model Backdoor Test Costs Less Than $100The Register reported that Katie Paxton-Fear installed a backdoor in an open-weight AI model in about an hour for less than $100. The experiment points to model-poisoning risk, but the cited public examples do not identify a widely deployed poisoned model or affected customers.7-Eleven Philippines Extends Cashless Payments Past 4,000 StoresFintech & Digital PaymentsJul 17, 20267-Eleven Philippines Extends Cashless Payments Past 4,000 StoresCompany records put cashless payment acceptance at more than 1,000 7-Eleven stores at the end of 2025 and more than 4,000 by the end of May 2026.Xi Backs Shanghai AI Governance Body After 29-Country DealAIJul 17, 2026Xi Backs Shanghai AI Governance Body After 29-Country DealCNBC reported that Xi Jinping used a Shanghai AI speech to position China as a Global South technology partner after 29 countries signed an agreement to establish the World Artificial Intelligence Cooperation Organization. The address named cooperation with ASEAN, the African Union and BRICS, but did not identify WAICO members, funding or enforcement powers.US Lawmakers Seek Ban On Chinese Memory PurchasesChips & SemiconductorsJul 17, 2026US Lawmakers Seek Ban On Chinese Memory PurchasesRepresentatives John Moolenaar and George Whitesides urged the Commerce Department to restrict US purchases from YMTC and CXMT as memory prices are expected to stay high through at least 2028.