When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
In laymans terms, the flaws can be used to upload malicious AI models and tamper with container registries.
With the second flaw, the researchers found that some AIaaS platforms have insecure container registries.
With insecure container registries, attackers could modify other peoples models, potentially even introducing malicious code.
Wiz shared its findings with Hugging Face, after which the two worked together to mitigate the issues.
These steps include implementing strong access controls, regularly monitoring for suspicious activity, and using secure container registries.
