Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust
Summary
A fundamental flaw in the AI supply chain, which allows attackers access to major platforms like Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects, has been discovered by Unit 42 researchers.
Model Namespace Reuse happens when a cloud provider’s model catalog or a codebase retrieves a deleted or transferred model by name, and the issue leaves developers open to serious attack.
Attackers can target pipelines that deploy models based solely on their names, potentially allowing them to launch malicious models and gain code execution capabilities.
Hugging Face is a platform that enables AI developers to build, share, and deploy models and datasets, and namespaces are the identifiers of the models stored there.
Namespace reuse occurs when cloud provider model catalogs or code retrieve a deleted or transferred model by name.
By re-registering an abandoned namespace and recreating its original path, malicious actors can target pipelines that deploy models based solely on their name.
This allows attackers to deploy malicious models and gain code execution capabilities, among other impacts.
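The defensive counterpart to the problem described above is to refuse to deploy a model that is identified by a mutable name alone. The following is an added example (not Unit 42's or Hugging Face's code): an offline policy check that accepts a model reference only when it is pinned to an immutable commit hash and its namespace is on an owner allowlist. The `namespace/name@revision` reference format and the allowlist are assumptions made for this example.

```python
"""Offline policy check: reject model references that rely on a reusable name alone.

A reference such as "some-org/some-model" can be re-registered by a different
owner once the original namespace is deleted or transferred, so a deployment
pipeline should pin each model to an immutable commit SHA and check the owner.
Assumed reference format: "namespace/name[@revision]" (not a platform convention).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# A full 40-hex git commit SHA is immutable; a branch or tag name such as "main" is not.
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
REPO_ID_RE = re.compile(r"^[A-Za-z0-9][\w.-]*/[A-Za-z0-9][\w.-]*$")


@dataclass(frozen=True)
class ModelRef:
    namespace: str
    name: str
    revision: Optional[str]


def parse_model_ref(ref: str) -> ModelRef:
    """Split 'namespace/name[@revision]' into parts; raises ValueError if malformed."""
    repo_id, _, revision = ref.partition("@")
    if not REPO_ID_RE.match(repo_id):
        raise ValueError(f"malformed repo id: {repo_id!r}")
    namespace, name = repo_id.split("/", 1)
    return ModelRef(namespace, name, revision or None)


def check_model_ref(ref: str, trusted_namespaces: frozenset) -> list:
    """Return the list of policy violations; an empty list means the reference is deployable."""
    problems = []
    parsed = parse_model_ref(ref)
    if parsed.revision is None:
        problems.append("no revision pinned: a bare name can be reclaimed by a new owner")
    elif not COMMIT_SHA_RE.match(parsed.revision):
        problems.append(f"revision {parsed.revision!r} is a mutable ref, not a 40-hex commit SHA")
    if parsed.namespace not in trusted_namespaces:
        problems.append(f"namespace {parsed.namespace!r} is not on the trusted-owner allowlist")
    return problems


if __name__ == "__main__":
    trusted = frozenset({"example-org"})  # constructed allowlist for the demo
    for candidate in ["example-org/demo-model", "example-org/demo-model@main",
                      "example-org/demo-model@" + "a" * 40, "other-org/demo-model@" + "b" * 40]:
        print(candidate, "->", check_model_ref(candidate, trusted) or "OK")
```

Pinning by commit hash only helps if the pipeline resolves that exact revision at download time, so the same check belongs wherever the model name is finally turned into a fetch.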