JFrog and Hugging Face Partner to Enhance AI Model Security and Deployment
2 Sources
2 Sources
[1]
Hugging Face Teams Up With JFrog To Hunt Down Malicious AI Models
JFrog's scanner aims to perform a deeper analysis and parse the code in model weights to check for potential malicious usage. Hugging Face, one of the most sought-out platforms to host AI models, announced a partnership with software supply chain platform JFrog to improve security on the Hugging Face Hub. Hugging Face explained that the model weights can contain code executed upon deserialisation and sometimes at inference time, depending on the format. To tackle this, it plans to integrate JFrog's scanner into its platform, adding new scanning functionality to reduce false positives on the Model Hub. "Through our integration with Hugging Face, we bring a powerful, methodology-driven approach that eliminates 96% of current false positives detected by scanners on the Hugging Face platform while also identifying threats that traditional scanners fail to detect," JFrog stated. "Our unique approach dissects embedded code, extracts payloads, and normalises evidence to eliminate false positives while detecting more serious threats." JFrog's scanner aims to perform a deeper analysis and parse the code in model weights to check for potential malicious usage. The scanning is powered by its 'file security scans' interface. It supports various models, including pickle-based models, TensorFlow models, GPT-Generated Unified Format (GGUF) models, Open Neural Network Exchange (ONNX) models, and more. Their documentation lists out all kinds of AI models supported by JFrog. Users do not need to do anything to benefit from the integration. All the public model repositories will be scanned by JFrog automatically as soon as they push files to the Model Hub. Hugging Face has shared an example repository where users can check how the scanner flags malicious files. With this integration to Hugging Face, users should get a better sense of security before using AI models to deploy for their use-cases.
[2]
JFrog advances AI security with Hugging Face partnership, Nvidia NIM and new MLOps platform - SiliconANGLE
JFrog advances AI security with Hugging Face partnership, Nvidia NIM and new MLOps platform Software supply chain company JFrog Ltd. today announced a number of new releases aimed at bringing greater trust, transparency and security to the world of artificial intelligence. The company announced three key updates designed to help enterprises safely deploy machine learning models into production, address rising threats in AI supply chains and simplify the delivery of generative AI applications at scale. Leading the list of announcements is a new partnership with Hugging Face Inc., the world's largest repository of open-source machine learning models. Under the partnership, JFrog will provide advanced security scanning across all models hosted on the Hugging Face Hub, with a "JFrog Certified" badge highlighting models that pass verification. The integration seeks to address growing concerns over the security of machine learning supply chains following the discovery of malicious models on the platform in early 2024. With JFrog scanning technology embedded directly into the Hub, Hugging Face users will gain greater transparency into potential threats like backdoors, remote code execution and model serialization attacks. JFrog said its analysis has already identified 25 previously undetected malicious models, highlighting the need to secure open-source machine learning assets. With the new integration, scans will run continuously, allowing developers and data scientists to assess the safety of models before downloading or deploying them into production environments. The second announcement today sees JFrog teaming up with Nvidia Corp. to integrate its platform with Nvidia Inference Microservices, part of the Nvidia AI Enterprise suite. The collaboration is designed to provide a unified, end-to-end solution for securely deploying GPU-optimized machine learning models and large language models into production. The integration will allow enterprises to manage and deploy pre-approved models, such as Meta Platform Inc.'s Llama 3 and Mistral AI, with full security, governance and traceability built into their existing DevSecOps workflows. JFrog says the approach helps reduce the complexity of scaling generative AI projects while maintaining compliance with evolving regulatory requirements. Through the use of JFrog Artifactory as a central hub for managing software components, organizations can track, secure and optimize the delivery of AI workloads alongside traditional applications. The idea is to ensure continuous security scanning, version control and automated policy enforcement across every stage of the AI model lifecycle. The integration also addresses a key barrier to enterprise AI adoption by making it easier to move from experimental projects to reliable, large-scale deployments. The solution is aimed at supporting production-grade performance with enterprise-level peace of mind while offering flexible options for multicloud, on-premises and air-gapped environments. The final announcement is JFrog ML, a new MLOps solution designed to unify machine learning development with traditional DevSecOps practices. The platform provides an end-to-end framework for securely managing, deploying and monitoring AI models alongside other software artifacts. JFrog ML helps organizations apply the same governance, traceability and security controls across their entire software supply chain by treating machine learning models like first-class software packages. The approach is aimed at reducing friction among data science, engineering and operations teams, making it easier to move models from experimentation to production. The new offering includes integrations with Hugging Face, AWS SageMaker, MLflow and Nvidia NIM to support a wide range of workflows from training to deployment. JFrog ML also features built-in capabilities for dataset management, feature stores and automated model serving at scale. "As the demand for AI-powered applications continues to grow, so do the concerns around use of open source ML models and platforms," said JFrog co-founder and Chief Executive Shlomi Ben Haim. "JFrog ML combines a superior, straightforward and hassle-free user experience for bringing models to production."
Share
Copy Link
JFrog teams up with Hugging Face to improve AI model security, launches new MLOps platform, and partners with Nvidia for streamlined AI deployment, addressing critical concerns in the AI supply chain.
JFrog and Hugging Face Join Forces to Enhance AI Model Security
In a significant move to address growing concerns over AI model security, software supply chain platform JFrog has announced a partnership with Hugging Face, the world's largest repository of open-source machine learning models. This collaboration aims to improve security on the Hugging Face Hub by integrating JFrog's advanced scanning technology 1.
The partnership comes in response to the discovery of malicious models on the platform in early 2024, highlighting the urgent need for enhanced security measures in the AI supply chain. JFrog's scanner will perform deep analysis of model weights, parsing embedded code to check for potential malicious usage 1.
Advanced Scanning and Certification Process
JFrog's integration with Hugging Face introduces a "JFrog Certified" badge for models that pass verification, providing users with greater transparency and confidence in the models they choose to deploy. The scanning process, which will run continuously, supports various model types including pickle-based, TensorFlow, GPT-Generated Unified Format (GGUF), and Open Neural Network Exchange (ONNX) models 2.
Notably, JFrog's analysis has already identified 25 previously undetected malicious models, underscoring the importance of this security initiative. Users of the Hugging Face Hub will automatically benefit from this integration, with all public model repositories being scanned as soon as files are pushed to the Model Hub 1.
JFrog's Expansion in AI Security and Deployment
Beyond the Hugging Face partnership, JFrog has announced two additional initiatives to enhance AI security and deployment:
-
Collaboration with Nvidia: JFrog is integrating its platform with Nvidia Inference Microservices, part of the Nvidia AI Enterprise suite. This collaboration aims to provide a unified solution for securely deploying GPU-optimized machine learning models and large language models into production environments 2.
-
Launch of JFrog ML: This new MLOps solution is designed to unify machine learning development with traditional DevSecOps practices. JFrog ML offers an end-to-end framework for managing, deploying, and monitoring AI models alongside other software artifacts, applying consistent governance, traceability, and security controls across the entire software supply chain 2.
Impact on AI Development and Deployment
These initiatives by JFrog address critical challenges in the AI industry, particularly in terms of security and scalability. By integrating advanced security measures into popular platforms like Hugging Face and offering solutions for streamlined deployment, JFrog is contributing to a more secure and efficient AI development ecosystem.
Shlomi Ben Haim, JFrog's co-founder and CEO, emphasized the growing concerns around the use of open-source ML models and platforms, stating that JFrog ML offers "a superior, straightforward and hassle-free user experience for bringing models to production" 2.
As the demand for AI-powered applications continues to rise, these developments represent a significant step towards ensuring the safety and reliability of AI models in production environments, potentially accelerating the adoption of AI technologies across various industries.
Summarized by
Navi
[1]
Google Unveils Gemini 2.5 Deep Think: A Powerful AI Model for Complex Problem-Solving
Google releases Gemini 2.5 Deep Think, an advanced AI model designed for complex queries, available exclusively to AI Ultra subscribers at $250 per month. The model showcases improved performance in various benchmarks and introduces parallel thinking capabilities.
17 Sources
Technology
14 hrs ago
17 Sources
Technology
14 hrs ago
OpenAI Secures $8.3 Billion in Funding, Reaching $300 Billion Valuation
OpenAI raises $8.3 billion in a new funding round, valuing the company at $300 billion. The AI giant's rapid growth and ambitious plans attract major investors, signaling a significant shift in the AI industry landscape.
10 Sources
Business and Economy
6 hrs ago
10 Sources
Business and Economy
6 hrs ago
Reddit's AI-Driven Strategy Boosts Revenue and User Engagement
Reddit's Q2 earnings reveal significant growth driven by AI-powered advertising tools and data licensing deals, showcasing the platform's successful integration of AI technology.
7 Sources
Business and Economy
14 hrs ago
7 Sources
Business and Economy
14 hrs ago
Reddit Aims to Become a Go-To Search Engine with Unified AI-Powered Search Experience
Reddit is repositioning itself as a search engine, integrating its traditional search with AI-powered Reddit Answers to create a unified search experience. The move comes as the platform sees increased user reliance on its vast community-generated content for information.
9 Sources
Technology
22 hrs ago
9 Sources
Technology
22 hrs ago
GPT-5: OpenAI's Game-Changing AI Model Set for Imminent Release
OpenAI is poised to launch GPT-5, a revolutionary AI model that promises to unify various AI capabilities and automate model selection for optimal performance.
2 Sources
Technology
14 hrs ago
2 Sources
Technology
14 hrs ago
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
