TL;DR:
- Researchers at Lasso Security discovered over 1,500 exposed API tokens granting access to Meta, Google, Microsoft, VMware, and other organizations’ large language model (LLM) repositories.
- Unauthorized access could have allowed malicious manipulation of training data, model theft, and heightened security risks for millions of users.
- Exposed tokens were found on GitHub and Hugging Face, with Hugging Face being a popular resource for LLM developers.
- Lasso Security urged organizations and developers to take responsibility for securing their tokens.
- Hugging Face, a key LLM platform with a vast repository of AI models and datasets, needs to enhance its security measures.
Main AI News:
In a startling revelation, researchers at Lasso Security have exposed a staggering total of 1,500+ tokens that allowed them varying degrees of access to large language model (LLM) repositories owned by Meta, Google, Microsoft, VMware, and a host of other organizations. This revelation underscores the alarming supply chain risks that organizations face when integrating LLM capabilities into their applications and operations.
What’s particularly concerning is that these exposed tokens enabled unauthorized access to Meta’s Bloom, Meta-Llama, and Pythia LLM repositories. This security breach could have enabled malicious actors to surreptitiously manipulate training data in widely-used LLMs, pilfer valuable models and datasets, and potentially execute other nefarious activities, thereby increasing security vulnerabilities for millions of end-users.
Lasso Security’s researchers managed to uncover these vulnerabilities by tapping into unsecured API access tokens discovered on GitHub and the Hugging Face platform—a go-to resource for LLM developers. Shockingly, the Meta-related tokens were just a fraction of the over 1,500 similar tokens found across Hugging Face and GitHub, granting various levels of access to repositories belonging to a whopping 722 organizations, including tech giants like Google, Microsoft, and VMware.
Bar Lanyado, a security researcher at Lasso, issued a stern warning: “Organizations and developers should understand Hugging Face and other similar platforms aren’t working [to secure] their users’ exposed tokens.” He emphasized that the onus is on developers and platform users to take proactive measures to safeguard their access.
“This research is part of our approach to shine a light on these kinds of weaknesses and vulnerabilities, to strengthen the security of these types of issues,” Lanyado emphasized.
Hugging Face, a pivotal platform for LLM professionals, serves as a wellspring of tools and resources for LLM projects. Hosting over 500,000 AI models and 250,000 datasets, including those from Meta, Google, Microsoft, and VMware, it facilitates both sharing and accessing these invaluable assets through its API. With backing from investors like Google and Nvidia, Hugging Face has garnered $235 million in funding.
Given its widespread use and growing popularity, Lasso Security embarked on an investigation into the platform’s registry and security mechanisms. In November 2023, their researchers aimed to identify exposed API tokens on GitHub and Hugging Face. Initially, the scans yielded limited results, especially on Hugging Face. However, a slight adjustment to their scanning process proved highly successful in uncovering a significant number of exposed tokens.
Lanyado expressed his surprise at the ease with which they obtained access to these tokens, even for top technology companies known for their stringent security measures. In total, Lasso identified 1,976 tokens across both GitHub and Hugging Face, with 1,681 being valid and usable. Among these, 1,326 resided on GitHub, and 370 were on Hugging Face. Remarkably, 655 of these tokens granted write permissions on Hugging Face, with several allowing full access to organizations utilizing Meta-Llama, Pythia, and Bloom. Lanyado cautioned that these vulnerabilities could have allowed attackers to manipulate models, compromise user data, and disseminate manipulated information.
In Meta’s case, Lasso researchers found multiple tokens, one of which had write permissions to Meta Llama, and two with write permissions to Pythia and Bloom. Microsoft and VMware tokens had read-only privileges but still provided access to private datasets and models.
Lasso Security acted responsibly by disclosing its findings to affected users and organizations, recommending the immediate revocation and deletion of exposed tokens from their repositories. Additionally, they alerted Hugging Face to address the issue promptly.
Fortunately, many organizations, including Meta, Google, Microsoft, and VMware, responded swiftly and responsibly by revoking tokens and disabling public access token codes on the same day as the report. This incident serves as a stark reminder of the critical importance of robust security measures in the ever-evolving landscape of AI and LLM technologies.
Conclusion:
The breach of Meta AI tokens underscores the critical need for heightened data security in the market. Organizations and developers must proactively secure their API tokens to prevent unauthorized access and potential data breaches. The incident also highlights the importance of platform providers like Hugging Face to bolster their security mechanisms, as the AI and LLM market continues to grow and evolve.
