JFrog and Hugging Face Team to Improve Machine Learning Security and Transparency for Developers
JFrog (NASDAQ: FROG) announced a partnership with Hugging Face to enhance security scanning for machine learning models in the Hugging Face Hub. The integration will display a 'JFrog Certified' checkmark to indicate safer models for use.
JFrog's Advanced Security scanning capabilities have already identified 25 zero-day malicious models on Hugging Face that were previously undetected by other scanners. The company's enhanced approach eliminates over 96% of false positives compared to existing solutions.
The partnership addresses critical security challenges in AI/ML development, as surveys indicate that while 80% of enterprises use or experiment with AI applications, over 90% feel unprepared for AI security challenges. The integration aims to protect against threats including model serialization attacks, known CVEs, and backdoors throughout the ML model lifecycle.
- Partnership with major ML platform Hugging Face expands market reach
- Advanced security scanning eliminates 96% of false positives
- Discovered 25 zero-day malicious models, demonstrating superior detection capabilities
- None.
Insights
JFrog's partnership with Hugging Face addresses a critical security gap in the AI ecosystem by integrating advanced scanning capabilities directly into the world's largest ML model repository. The timing is strategically significant as organizations rapidly adopt AI without adequate security protocols.
What sets this integration apart technically is JFrog's malicious code decompilation and deep data flow analysis capabilities. Their claimed
The "JFrog Certified" checkmark creates a trust differentiator that should drive increased visibility within the developer community. This partnership positions JFrog as a gatekeeper in the AI supply chain, similar to how GitHub's security scanning became essential for code repositories.
With government cybersecurity agencies now explicitly warning about pre-trained model risks, this integration addresses regulatory concerns while creating a competitive moat in the nascent ML security market. For JFrog, this represents a logical extension of their software supply chain security expertise into a high-growth adjacent market, potentially accelerating customer acquisition beyond their traditional DevOps base.
This partnership tackles one of the most overlooked vulnerabilities in AI development: the security of pre-trained models. As ML models become production infrastructure rather than research artifacts, the security implications grow exponentially.
The integration addresses a critical friction point in AI development workflows. Currently, data scientists and ML engineers must choose between security and speed, often downloading models with minimal vetting. By embedding scanning directly into Hugging Face's platform, security becomes frictionless rather than an additional step.
What's particularly notable is how this integration bridges two previously separate technology domains: traditional cybersecurity and machine learning operations (MLOps). As organizations build ML-powered applications, securing the entire ML supply chain becomes essential. JFrog's ability to identify models as malicious through enhanced analysis provides a more reliable security layer than basic scanning approaches.
For enterprise adoption of generative AI, security remains a primary barrier. This collaboration helps organizations implement responsible AI practices by ensuring model provenance and security before deployment. With
New integration significantly improves the quality and trustworthiness of open-source ML Models, resulting in safer, more responsible AI for everyone
“As ML models become integral to critical business applications, ensuring these models are secure is crucial for preventing breaches, data leaks, and decision-making errors,” said Asaf Karas, CTO of JFrog Security. “We’ve been working with Hugging Face since 2023 to help securely bring ML Models to production. We also found intentionally malicious models in Hugging Face in early 2024, which prompted us to dedicate more of our security experts to help scan and assess the well-being of all Hugging Face models to ensure they are safe for use in AI application development.”
Machine learning (ML) introduces a new set of supply chain assets, such as models and datasets, which not only come with their own security challenges but also increase an organization’s attack surface. These newer areas of the ML supply chain may allow nefarious actors to achieve remote code execution to infiltrate and spread malicious code inside an organization through ML Models. This could potentially grant access to critical internal systems and pave the way for large-scale data breaches or even corporate espionage, impacting not just individual users but potentially entire organizations across the globe.
Ensuring ML Model Integrity with JFrog Advanced Security
JFrog Xray and JFrog Advanced Security – key components of the JFrog Software Supply Chain Platform – are designed to scan AI/ML model artifacts for threats at every stage of their lifecycle. These threats include model serialization attacks, known CVEs, backdoors, and more. Now Hugging Face will utilize JFrog Advanced Security scans in its Hugging Face Hub, allowing each model contained within the platform to be scanned in advance of being downloaded for use. The results of each scan will be prominently displayed for all users to see.
This new advanced security integration between Hugging Face and JFrog differs from existing ML model scanners due to JFrog’s malicious code decompilation and deep data flow analysis. While existing solutions simply check for automatically-executed code embedded in a model, JFrog’s model scanner uses an enhanced approach to extract and analyze the embedded code which eliminates more than
In addition, JFrog’s enhanced analysis highlighted 25 models as zero-day malicious in nature. These are machine learning models hosted in Hugging Face which were not identified as malicious by any other scanner available for Hugging Face based on our evaluation.
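To make the distinction drawn above concrete, here is a minimal static check added for illustration (it is not JFrog's scanner or any Hugging Face Hub code): it walks a pickle-serialised checkpoint's opcode stream with `pickletools` without ever unpickling it, records every global the stream imports and every opcode that invokes a callable, and flags imports outside an allowlist of framework rebuild helpers. The allowlist, the `LoadHook` class and both checkpoint blobs are constructed for the example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist: globals a plain PyTorch checkpoint is expected to
# import while loading. Any other imported global is reported for review.
SAFE_GLOBALS = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2",
                "torch.FloatStorage", "torch.LongStorage"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools (never unpickles) and report
    imported globals, the call-opcode count and imports outside SAFE_GLOBALS.
    Memo slots are tracked so a module name reused via BINGET still resolves."""
    imports, strings, memo, calls, last = [], [], {}, 0, None
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = op.name
        if name in STRING_OPS:                          # pushes a string
            strings.append(arg); last = arg
        elif name in ("GET", "BINGET", "LONG_BINGET"):  # pushes a memoized value
            last = memo.get(arg); strings.append(last)
        elif name == "MEMOIZE":
            memo[len(memo)] = last
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GLOBAL", "INST"):                # arg is "module name"
            imports.append(arg.replace(" ", ".", 1)); last = None
        elif name == "STACK_GLOBAL":                    # module, name on the stack
            attr, mod = strings.pop(), strings.pop()
            imports.append(f"{mod}.{attr}"); last = None
        else:
            last = None
        if name in CALL_OPS:                            # invokes an imported callable
            calls += 1
    flagged = [g for g in imports if g not in SAFE_GLOBALS]
    return {"imports": imports, "calls": calls, "flagged": flagged}


class LoadHook:
    """Constructed sample whose unpickling calls a callable (harmless len here);
    a malicious checkpoint rides the same REDUCE step to run code on load."""
    def __reduce__(self):
        return (len, ("constructed",))


BENIGN_CHECKPOINT = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))  # constructed
SUSPICIOUS_CHECKPOINT = pickle.dumps(LoadHook())                  # constructed
```

`scan_pickle(SUSPICIOUS_CHECKPOINT)` reports `builtins.len` as an unexpected import that the stream immediately calls, while the benign checkpoint imports only the allowlisted `collections.OrderedDict`; the allowlist is where a real scanner's deeper analysis of the extracted code would replace a plain name check.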
Surveys have found that while over
“For a long time, AI was a researcher’s field, and the security practices were quite basic, but as the popularity and widespread use of AI grows, so do the number of potentially bad actors who may want to target the AI community in general and our platform more specifically,” said Julien Chaumond, CTO, Hugging Face. “As the leading collaboration platform for AI models, we’re delighted to deepen our partnership with JFrog to implement high-quality scanning capabilities for our AI/ML models and deliver greater peace of mind for developers looking to create the next generation of AI-powered applications.”
For a deeper look at how ML Model scanning of Hugging Face is being performed using the JFrog Platform, read this blog or learn more about JFrog’s Hugging Face integration, scanning malicious AI models, and model threat categories.
You can also learn more about how JFrog and other AI industry players are contributing to AI/ML security at the inaugural MLOps Days community event, taking place March 4, 2025 in
We welcome the community to send feedback on this integration directly to JFrog’s security research team at research@jfrog.com.
Like this story? Post this on X (formerly Twitter): @JFrog and @huggingface unite to provide integrated security scanning tools in the Hugging Face platform, helping users detect malicious code before downloading any #ML models. Learn more: https://jfrog.co/41kYaOT #MLOps #AI #softwaresupplychain #security #DevSecOps
About JFrog
JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on X: @jfrog
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the
These forward-looking statements are based on our current assumptions, expectations, and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2024, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements except as required by law.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250304244002/en/
Media Contact:
Siobhan Lyons, Sr. Manager, Global Communications, siobhanL@jfrog.com
Investor Contact:
Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com
Source: JFrog Ltd.