Malicious ML Models on Hugging Face Exploit Broken Pickle Format

Nikita Shekhawat
Nikita Shekhawat

Junior SEO Specialist

 
February 11, 2025
2 min read

In a recent discovery, cybersecurity researchers have found two malicious machine learning (ML) models on Hugging Face that use a "broken" pickle file technique to evade detection. These models, more of a proof-of-concept (PoC) than an active supply chain attack, contain a reverse shell payload that connects to a hard-coded IP address. The pickle serialization format, widely used for distributing ML models, has been identified as a security risk due to its potential to execute arbitrary code upon loading and deserialization. The identified models, stored in the PyTorch format, were compressed using the 7z format instead of the default ZIP, allowing them to bypass Hugging Face's security tool, Picklescan. This highlights the need for improved security measures in ML model distribution. Source: The Hacker News

The Threat of Malicious ML Models

The approach used by these models, dubbed nullifAI, is a clear attempt to bypass existing safeguards designed to identify malicious models. The pickle files extracted from the PyTorch archives reveal malicious Python content at the beginning of the file, which is a typical platform-aware reverse shell. This discovery underscores the importance of robust security protocols in the ML community.

The Role of Pickle Files in Security Risks

The pickle serialization format has been a point of concern due to its ability to execute arbitrary code. The two models detected by ReversingLabs are stored in a compressed pickle file format, which is usually associated with the ZIP format. However, these models used the 7z format for compression, enabling them to avoid detection by Picklescan.

Implications and Mitigation

The fact that these models could still be partially deserialized despite Picklescan throwing an error message indicates a discrepancy between the tool's functionality and the deserialization process. This has led to the open-source utility being updated to address this bug. It's crucial for the ML community to stay vigilant and continuously update their security measures to counter such threats. hugging-face-malware.webp

Source: The Hacker News code.webp
Source: The Hacker News This news serves as a reminder for cybersecurity marketers and professionals to stay informed about the latest threats and to implement stringent security measures to protect against evolving cyber risks. GrackerAI, as an AI tool for cybersecurity marketers, plays a crucial role in providing these insights and helping to create a safer online environment.

Nikita Shekhawat
Nikita Shekhawat

Junior SEO Specialist

 

Nikita Shekhawat is a junior SEO specialist supporting off-page SEO and authority-building initiatives. Her work includes outreach, guest collaborations, and contextual link acquisition across technology and SaaS-focused publications. At Gracker, she contributes to building consistent, policy-aligned backlink strategies that support sustainable search visibility.

Related Articles

Top AI Visibility Tools for Automated Content Creation
AI visibility software

Top AI Visibility Tools for Automated Content Creation

Compare the best AI visibility tools for automated content creation. Discover platforms that track AI citations, identify content gaps, and help you create citation-ready content.

By Ankit Agarwal July 15, 2026 14 min read
common.read_full_article
What is Generative Engine Optimization? A B2B Marketer’s Guide to AEO
Generative Engine Optimization

What is Generative Engine Optimization? A B2B Marketer’s Guide to AEO

Stop chasing blue links. Learn how Generative Engine Optimization (GEO) helps B2B brands become the definitive source of truth in AI search results.

By Ankit Agarwal July 15, 2026 7 min read
common.read_full_article
Best AI Search Optimization Platforms for Small Marketing Teams
Best AI Search Optimization Platforms for Lean Marketing Teams

Best AI Search Optimization Platforms for Small Marketing Teams

Discover the best AI search optimization platforms for lean marketing teams. Compare AEO tools, features, pricing, and choose the right solution to improve AI visibility.

By Ankit Agarwal July 14, 2026 11 min read
common.read_full_article
How to Measure AI Search Visibility & Revenue: KPIs Every Marketing Team Should Track
AI search visibility

How to Measure AI Search Visibility & Revenue: KPIs Every Marketing Team Should Track

Learn how to measure AI search visibility and tie it to revenue. Track share of voice, citation frequency, sentiment, and AI-referred pipeline KPIs

By Ankit Agarwal July 15, 2026 10 min read
common.read_full_article