Curated by THEOUTPOST
On Wed, 5 Mar, 4:02 PM UTC
2 Sources
[1]
Hugging Face Teams Up With JFrog To Hunt Down Malicious AI Models
JFrog's scanner aims to perform a deeper analysis and parse the code in model weights to check for potential malicious usage.

Hugging Face, one of the most sought-after platforms for hosting AI models, announced a partnership with software supply chain platform JFrog to improve security on the Hugging Face Hub. Hugging Face explained that model weights can contain code that is executed upon deserialisation and sometimes at inference time, depending on the format. To tackle this, it plans to integrate JFrog's scanner into its platform, adding new scanning functionality to reduce false positives on the Model Hub.

"Through our integration with Hugging Face, we bring a powerful, methodology-driven approach that eliminates 96% of current false positives detected by scanners on the Hugging Face platform while also identifying threats that traditional scanners fail to detect," JFrog stated. "Our unique approach dissects embedded code, extracts payloads, and normalises evidence to eliminate false positives while detecting more serious threats."

The scanning is powered by JFrog's 'file security scans' interface. It supports various model formats, including pickle-based models, TensorFlow models, GPT-Generated Unified Format (GGUF) models, Open Neural Network Exchange (ONNX) models, and more; JFrog's documentation lists all the model types it supports.

Users do not need to do anything to benefit from the integration: all public model repositories will be scanned by JFrog automatically as soon as files are pushed to the Model Hub. Hugging Face has shared an example repository where users can see how the scanner flags malicious files. With this integration, users should get a better sense of a model's security before deploying it for their use cases.
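The article's point is that a pickle-based checkpoint can carry code that runs at deserialisation, so a scanner must inspect the file without loading it. The following is an added example written for this page, not JFrog's or Hugging Face's scanner: it walks a pickle's opcode stream with the standard-library pickletools module and flags imports against an assumed, illustrative denylist and allowlist; the sample pickles are constructed inline.

```python
import collections
import io
import pickle
import pickletools
import subprocess

# Illustrative rule set, assumed for this example (not JFrog's or Hugging Face's policy):
# modules a checkpoint should never import, and modules a PyTorch/NumPy checkpoint legitimately uses.
UNSAFE_MODULES = {"os", "posix", "nt", "subprocess", "socket", "shutil", "runpy", "sys"}
UNSAFE_NAMES = {("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
                ("builtins", "getattr"), ("builtins", "compile")}
ALLOWED_MODULES = {"collections", "numpy", "torch", "builtins", "_codecs", "copyreg"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "UNICODE", "STRING", "SHORT_BINSTRING", "BINSTRING"}


def scan_pickle(data: bytes) -> list[str]:
    """Walk a pickle's opcode stream without ever calling pickle.loads, so nothing embedded
    in it can run, and report what it imports and which imported callables REDUCE would invoke."""
    findings = []
    strings = []          # recent string constants; STACK_GLOBAL consumes the last two
    last_global = None    # (module, name) of the most recent import
    for op, arg, pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPS:
            strings.append(arg)
            continue
        if op.name == "GLOBAL":                   # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL":           # protocol 4+: operands come from the stack
            if len(strings) < 2:                  # e.g. fetched via BINGET: cannot resolve here
                findings.append(f"{pos}: STACK_GLOBAL with unresolved operands")
                continue
            module, name = strings[-2], strings[-1]
        elif op.name == "REDUCE" and last_global is not None:
            if last_global[0].split(".")[0] not in ALLOWED_MODULES:
                findings.append(f"{pos}: REDUCE invokes {last_global[0]}.{last_global[1]} at load time")
            continue
        else:
            continue
        last_global = (module, name)
        if module in UNSAFE_MODULES or (module, name) in UNSAFE_NAMES:
            findings.append(f"{pos}: UNSAFE import {module}.{name}")
        elif module.split(".")[0] not in ALLOWED_MODULES:
            findings.append(f"{pos}: review import {module}.{name}")
    return findings

# Constructed samples: a benign state-dict-like object, and a pickle that only references
# subprocess.Popen (no call is stored, so loading it would do nothing; the scanner still flags it).
BENIGN = pickle.dumps({"layer.weight": [0.1, 0.2], "meta": collections.OrderedDict(a=1)})
SUSPICIOUS = pickle.dumps(subprocess.Popen)
```

The allowlisted REDUCE on collections.OrderedDict in the benign sample produces no finding, which is the kind of false positive the article says a deeper parse is meant to eliminate.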
[2]
JFrog advances AI security with Hugging Face partnership, Nvidia NIM and new MLOps platform - SiliconANGLE
Software supply chain company JFrog Ltd. today announced a number of new releases aimed at bringing greater trust, transparency and security to the world of artificial intelligence. The company announced three key updates designed to help enterprises safely deploy machine learning models into production, address rising threats in AI supply chains and simplify the delivery of generative AI applications at scale.

Leading the list of announcements is a new partnership with Hugging Face Inc., the world's largest repository of open-source machine learning models. Under the partnership, JFrog will provide advanced security scanning across all models hosted on the Hugging Face Hub, with a "JFrog Certified" badge highlighting models that pass verification. The integration seeks to address growing concerns over the security of machine learning supply chains following the discovery of malicious models on the platform in early 2024.

With JFrog scanning technology embedded directly into the Hub, Hugging Face users will gain greater transparency into potential threats like backdoors, remote code execution and model serialization attacks. JFrog said its analysis has already identified 25 previously undetected malicious models, highlighting the need to secure open-source machine learning assets. With the new integration, scans will run continuously, allowing developers and data scientists to assess the safety of models before downloading or deploying them into production environments.

The second announcement today sees JFrog teaming up with Nvidia Corp. to integrate its platform with Nvidia Inference Microservices, part of the Nvidia AI Enterprise suite. The collaboration is designed to provide a unified, end-to-end solution for securely deploying GPU-optimized machine learning models and large language models into production.

The integration will allow enterprises to manage and deploy pre-approved models, such as Meta Platforms Inc.'s Llama 3 and Mistral AI, with full security, governance and traceability built into their existing DevSecOps workflows. JFrog says the approach helps reduce the complexity of scaling generative AI projects while maintaining compliance with evolving regulatory requirements.

Through the use of JFrog Artifactory as a central hub for managing software components, organizations can track, secure and optimize the delivery of AI workloads alongside traditional applications. The idea is to ensure continuous security scanning, version control and automated policy enforcement across every stage of the AI model lifecycle. The integration also addresses a key barrier to enterprise AI adoption by making it easier to move from experimental projects to reliable, large-scale deployments. The solution is aimed at supporting production-grade performance with enterprise-level peace of mind while offering flexible options for multicloud, on-premises and air-gapped environments.

The final announcement is JFrog ML, a new MLOps solution designed to unify machine learning development with traditional DevSecOps practices. The platform provides an end-to-end framework for securely managing, deploying and monitoring AI models alongside other software artifacts. JFrog ML helps organizations apply the same governance, traceability and security controls across their entire software supply chain by treating machine learning models like first-class software packages. The approach is aimed at reducing friction among data science, engineering and operations teams, making it easier to move models from experimentation to production.

The new offering includes integrations with Hugging Face, AWS SageMaker, MLflow and Nvidia NIM to support a wide range of workflows from training to deployment. JFrog ML also features built-in capabilities for dataset management, feature stores and automated model serving at scale.

"As the demand for AI-powered applications continues to grow, so do the concerns around use of open source ML models and platforms," said JFrog co-founder and Chief Executive Shlomi Ben Haim. "JFrog ML combines a superior, straightforward and hassle-free user experience for bringing models to production."
JFrog teams up with Hugging Face to improve AI model security, launches new MLOps platform, and partners with Nvidia for streamlined AI deployment, addressing critical concerns in the AI supply chain.
In a significant move to address growing concerns over AI model security, software supply chain platform JFrog has announced a partnership with Hugging Face, the world's largest repository of open-source machine learning models. This collaboration aims to improve security on the Hugging Face Hub by integrating JFrog's advanced scanning technology [1].
The partnership comes in response to the discovery of malicious models on the platform in early 2024, highlighting the urgent need for enhanced security measures in the AI supply chain. JFrog's scanner will perform deep analysis of model weights, parsing embedded code to check for potential malicious usage [1].
JFrog's integration with Hugging Face introduces a "JFrog Certified" badge for models that pass verification, providing users with greater transparency and confidence in the models they choose to deploy. The scanning process, which will run continuously, supports various model types including pickle-based, TensorFlow, GPT-Generated Unified Format (GGUF), and Open Neural Network Exchange (ONNX) models [2].
Notably, JFrog's analysis has already identified 25 previously undetected malicious models, underscoring the importance of this security initiative. Users of the Hugging Face Hub will automatically benefit from this integration, with all public model repositories being scanned as soon as files are pushed to the Model Hub [1].
Beyond the Hugging Face partnership, JFrog has announced two additional initiatives to enhance AI security and deployment:
Collaboration with Nvidia: JFrog is integrating its platform with Nvidia Inference Microservices, part of the Nvidia AI Enterprise suite. This collaboration aims to provide a unified solution for securely deploying GPU-optimized machine learning models and large language models into production environments [2].
Launch of JFrog ML: This new MLOps solution is designed to unify machine learning development with traditional DevSecOps practices. JFrog ML offers an end-to-end framework for managing, deploying, and monitoring AI models alongside other software artifacts, applying consistent governance, traceability, and security controls across the entire software supply chain [2].
These initiatives by JFrog address critical challenges in the AI industry, particularly in terms of security and scalability. By integrating advanced security measures into popular platforms like Hugging Face and offering solutions for streamlined deployment, JFrog is contributing to a more secure and efficient AI development ecosystem.
Shlomi Ben Haim, JFrog's co-founder and CEO, emphasized the growing concerns around the use of open-source ML models and platforms, stating that JFrog ML offers "a superior, straightforward and hassle-free user experience for bringing models to production" [2].
As the demand for AI-powered applications continues to rise, these developments represent a significant step towards ensuring the safety and reliability of AI models in production environments, potentially accelerating the adoption of AI technologies across various industries.
© 2025 TheOutpost.AI All rights reserved