2025-10-22 · HuggingFace

Hugging Face and VirusTotal collaborate to strengthen AI security

securityresearch



Source: HuggingFace Date: 2025-10-22 URL: https://huggingface.co/blog/virustotal

Summary

Hugging Face integrated VirusTotal’s threat intelligence directly into the Hub, scanning all 2.2M+ public model and dataset repositories via hash comparison against VirusTotal’s malware database. The integration is privacy-preserving (only file hashes shared, not content) and surfaces results on repository pages before download. Users and CI/CD pipelines can now see whether a model file has been previously flagged, linked to known malware campaigns, or associated with threat actors—without leaving the Hub.
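As an added example (not Hugging Face's or VirusTotal's own code), a pre-download gate for a CI pipeline that follows the same hash-only design: each artifact is hashed locally and only the SHA-256 digest goes to the lookup backend. The online backend assumes VirusTotal's v3 file-report endpoint and its `x-apikey` header; the verdict thresholds, the treatment of unknown hashes and the offline stand-in database are this example's own.

```python
import hashlib, json, os, tempfile, urllib.error, urllib.request
from typing import Callable, Dict, Iterable, Optional

Stats = Optional[Dict[str, int]]  # VirusTotal v3 "last_analysis_stats"; None = never seen
Lookup = Callable[[str], Stats]

def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file: weight files can be many GB and need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verdict(stats: Stats, max_malicious: int = 0) -> str:
    """Policy (this example's own): an unknown hash is NOT treated as clean,
    because absence from the database says nothing about a fresh upload."""
    if stats is None:
        return "unknown"
    if stats.get("malicious", 0) > max_malicious:
        return "block"
    return "review" if stats.get("suspicious", 0) > 0 else "clean"

def scan_files(paths: Iterable[str], lookup: Lookup) -> Dict[str, str]:
    """Hash each artifact locally; only the digest is handed to the backend."""
    return {os.path.basename(p): verdict(lookup(sha256_file(p))) for p in paths}

def vt_lookup(api_key: str) -> Lookup:
    """Online backend: VirusTotal v3 GET /files/{sha256}; HTTP 404 means unknown."""
    def _lookup(digest: str) -> Stats:
        req = urllib.request.Request(
            f"https://www.virustotal.com/api/v3/files/{digest}", headers={"x-apikey": api_key})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return json.load(resp)["data"]["attributes"]["last_analysis_stats"]
        except urllib.error.HTTPError as err:
            if err.code == 404:
                return None
            raise
    return _lookup

def demo() -> Dict[str, str]:
    """Offline run on constructed files, with a dict standing in for the database."""
    tmp = tempfile.mkdtemp()
    paths = [os.path.join(tmp, n) for n in ("model.bin", "config.json")]
    for p, data in zip(paths, (b"constructed weights", b"{}")):
        with open(p, "wb") as f:
            f.write(data)
    flagged = {sha256_file(paths[0]): {"malicious": 4, "suspicious": 0, "undetected": 60}}
    return scan_files(paths, flagged.get)  # {"model.bin": "block", "config.json": "unknown"}
```

In a pipeline, `scan_files(paths, vt_lookup(os.environ["VT_API_KEY"]))` would replace the stand-in, and any "block" verdict fails the job while "unknown" is worth logging rather than silently passing.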

Implications

  • The first direct tie-in to the npm supply-chain-attack thread, carried over to the ML layer: the same attack pattern (malicious payloads embedded in trusted-looking artifacts) that hit the Bitwarden CLI and Axios in April 2026 was active in the model distribution layer six months earlier.
  • The hash-only integration is a template for privacy-preserving security scanning that could propagate to other registries (npm, PyPI, cargo)—the architecture is reusable.
  • Positions Hugging Face as the first AI artifact registry with embedded threat intelligence at publish time, which creates a competitive expectation for any registry hosting executables with embedded weights or serialized Python.
