AI Model Confusion: An LLM/AI Model Supply Chain Attack - Checkmarx Checkmarx Zero research reveals the AI Model Confusion attack pattern against registries like Hugging Face, building on Dependency Confusion in OSS library registry. Learn what it is and how to…

Our own Ori Ron and Tal Folkman have been spending their time understanding how attackers can adapt open-source supply chain attack tactics to #AI model registries like #HuggingFace. In their most recent article, they discuss how they adapted #DependencyConfusion tactics into #ModelConfusion.

🧵4/4 ~ After the holiday season, we'll have more technical details and case studies!

#AI #SoftwareSupplyChain #LLM #ModelConfusion #ModelJacking #SupplyChainRisk #HuggingFace

We're working through the final stages of disclosure with several orgs who have been impacted by evolved forms of supply chain attacks targeting their LLM ecosystems on HuggingFace. 🧵

#AI #SoftwareSupplyChain #LLM #ModelConfusion #ModelJacking #SupplyChainRisk #HuggingFace