Hugging Face Teams Up with Protect AI: Enhancing Model Security for the ML Community
Source: HuggingFace Date: 2024-10-22 URL: https://huggingface.co/blog/protectai
Summary
Partnership announcement: HuggingFace is integrating Protect AI’s Guardian scanner into its model repository scanning pipeline. Guardian covers vulnerable serialization formats (pickle, Keras lambda layers) beyond what the existing picklescan tool caught. All public model repos are scanned automatically on push; the frontend was updated with visual scan result indicators. Over 1M model repos and hundreds of millions of files in scope.
Implications
Open-weights ecosystem health. The security posture of the Hub is a material concern at 1M+ repos: a pickle-format checkpoint is a program, not data. Unpickling calls whatever callables the stream's `__reduce__` hooks name, so `pickle.load` or `torch.load` on an untrusted file can run arbitrary code on the loading machine, which makes pickled models a real supply-chain vector for anyone consuming HF models without inspection. Extending the automatic push-time scan beyond picklescan raises the floor for all downstream consumers. The caveat practitioners should keep in mind is that opcode scanning is denylist-based and heuristic: a clean scan result lowers risk but is not proof of safety, so preferring safetensors weights, or loading with `torch.load(..., weights_only=True)`, remains the stronger control.
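To make the load-time code execution concrete, here is an added example (constructed for this page; it is not Protect AI's Guardian, not picklescan, and not Hugging Face's code). It builds a pickle whose `__reduce__` hook names `os.system`, then walks the stream's opcodes with the standard library's `pickletools.genops` to list every global the stream would import, flagging any from a small constructed denylist, all without calling `pickle.loads`. The denylist, the `MaliciousWeights` class and the `safe_load` wrapper are illustrative names chosen here, not part of any real scanner.

```python
"""Constructed example: a pickled 'model' that runs code on load, and an opcode-level
scan that catches it without ever unpickling. Not Guardian's or picklescan's code."""
import os
import pickle
import pickletools

# Modules that have no business appearing as a GLOBAL in a weights file.
# Constructed denylist for this example; real scanners maintain a much longer one.
# os.system pickles as "posix system" on Linux/macOS and "nt system" on Windows.
DANGEROUS_MODULES = {
    "os", "posix", "nt", "subprocess", "builtins", "__builtin__",
    "socket", "shutil", "sys", "runpy",
}

# Opcodes that push a str onto the pickle VM stack; STACK_GLOBAL consumes two of them.
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


class MaliciousWeights:
    """Looks like a model object, but __reduce__ makes the stream call os.system on load."""

    def __reduce__(self):
        # Unpickling reconstructs this object as: os.system("echo pwned")
        return (os.system, ("echo pwned",))


def build_malicious_pickle(protocol=pickle.DEFAULT_PROTOCOL) -> bytes:
    """Constructed hostile checkpoint. Never pass its output to pickle.loads."""
    return pickle.dumps(MaliciousWeights(), protocol=protocol)


def build_benign_pickle(protocol=pickle.DEFAULT_PROTOCOL) -> bytes:
    """Constructed harmless checkpoint: plain dict of lists, no globals at all."""
    return pickle.dumps({"layer0.weight": [0.1, -0.2], "layer0.bias": [0.0]}, protocol=protocol)


def list_globals(data: bytes):
    """Return every (module, name) the stream would import, by walking opcodes only.

    Simplification: string pushes are tracked directly; a production scanner also
    resolves memo references (BINGET) so a module name reused via the memo is seen.
    """
    globals_found = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":                # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            globals_found.append((module, name))
        elif opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
        elif opcode.name == "STACK_GLOBAL":        # protocol >= 4: module, name on stack
            if len(recent_strings) >= 2:
                module, name = recent_strings[-2], recent_strings[-1]
                del recent_strings[-2:]
                globals_found.append((module, name))
    return globals_found


def scan_pickle(data: bytes):
    """Return the denylisted globals found; an empty list means nothing was flagged."""
    return [(m, n) for m, n in list_globals(data) if m.split(".")[0] in DANGEROUS_MODULES]


class UnsafePickleError(Exception):
    """Raised when a stream references a denylisted module."""


def safe_load(data: bytes):
    """Scan first; only call pickle.loads on streams with no flagged globals."""
    findings = scan_pickle(data)
    if findings:
        raise UnsafePickleError(f"refusing to load: {findings}")
    return pickle.loads(data)


if __name__ == "__main__":
    print("benign globals:   ", list_globals(build_benign_pickle()))
    print("malicious flagged:", scan_pickle(build_malicious_pickle()))
    print("loaded benign:    ", safe_load(build_benign_pickle()))
```

The design point is that the scan is static: `pickletools.genops` decodes opcodes without building objects, so the hostile `__reduce__` call is never executed. The flip side is the one noted above: a denylist only knows the modules it lists, and a stream that reaches a dangerous callable through a module not on the list, or through memo tricks the simplified stack tracking misses, will scan clean. That is why a clean result is a signal rather than a guarantee.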
HF as open-source ML hub. Partnering with a specialized ML security vendor rather than building in-house signals HF is maturing its platform role — taking on infrastructure responsibility for trust and safety that individual users cannot reasonably handle themselves. Watch whether this expands to private repos or becomes a paid tier feature.