Hugging Face and JFrog partner to make AI Security more transparent
Source: HuggingFace Date: 2025-03-04 URL: https://huggingface.co/blog/jfrog
Summary
Integration announcement: Hugging Face (HF) partners with JFrog to add deep malware scanning to the Hub, complementing the existing picklescan. JFrog's scanner parses and analyzes the code embedded in model weights rather than pattern-matching, so it catches exploits beyond pickle (e.g., Keras Lambda layers used for arbitrary code execution). It runs automatically on every public model push, and hundreds of millions of files have already been scanned. The post gives no benchmark numbers.
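As an added example (not Hugging Face's, JFrog's, or picklescan's code) of the opcode-level triage the summary contrasts with simply loading a file: it disassembles a pickle stream with pickletools, lists every module.name reference the file would import, and flags references outside an allowlist without ever unpickling. The allowlist and the sample pickles are constructed for the demonstration.

```python
import collections
import io
import pickle
import pickletools
import textwrap

# Constructed allowlist: modules a benign weights file is expected to reference.
ALLOWED_MODULES = {"collections", "torch", "numpy", "builtins"}
# Opcodes that call a callable or mutate an object during unpickling.
CALL_OPCODES = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPCODES = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPCODES = {"PUT", "BINPUT", "LONG_BINPUT"}

def scan_pickle(data: bytes) -> dict:
    """Disassemble a pickle with pickletools and report which module.name
    references it would import; nothing is loaded or executed."""
    memo, recent, last = {}, [], None   # track string operands and the memo
    imports, calls = [], []
    for op, arg, pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPCODES or op.name in GET_OPCODES:
            last = memo.get(arg) if op.name in GET_OPCODES else arg
            recent.append(last)
        elif op.name == "MEMOIZE":       # protocol 4 memo: next free index
            memo[len(memo)] = last
        elif op.name in PUT_OPCODES:     # protocol <= 3 memo: explicit index
            memo[arg] = last
        elif op.name == "GLOBAL":        # protocol <= 3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
            last = None
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module, name on stack
            imports.append((recent[-2], recent[-1]))
            last = None
        else:
            if op.name in CALL_OPCODES:
                calls.append((op.name, pos))
            last = None
    flagged = [ref for ref in imports if ref[0] not in ALLOWED_MODULES]
    return {"imports": imports, "flagged": flagged, "call_opcodes": calls,
            "verdict": "suspicious" if flagged else "clean"}

# Constructed samples: plain weights, an allowlisted class, and a reference to
# a module outside the allowlist (textwrap.dedent is a reference only; loading
# would resolve it, not call it, so it is a safe fixture).
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
ALLOWED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
SUSPECT_V4 = pickle.dumps(textwrap.dedent, protocol=4)
SUSPECT_V2 = pickle.dumps(textwrap.dedent, protocol=2)
```

Pass the bytes of a real .pkl or .bin file to scan_pickle to triage it; a flagged import followed by a REDUCE or BUILD opcode is the combination that would run code at load time.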
Implications
HF as open-source ML hub. The JFrog integration addresses a real attack surface: serialized model formats that execute arbitrary code on deserialization are an underappreciated supply chain risk. The move from pattern-matching (picklescan) to semantic code analysis (JFrog) is a meaningful step up in security, particularly relevant because the Hub hosts models from millions of contributors with no pre-publication review.
Open-weights ecosystem health. Automatic security scanning of all public models changes the trust calculus for Hub-downloaded models. Enterprise teams evaluating Hub models for production use have historically needed to run their own scanning; Hub-integrated JFrog scanning moves baseline security assurance onto HF’s platform. This is the type of infrastructure investment that enables Hub adoption in regulated industries.