The open-source artificial intelligence platform Hugging Face is entering a partnership with the cloud-based virus scanner VirusTotal to tackle emerging threats. When you go to Hugging Face to download an AI model, you will now see security information from several malware scanners, including VirusTotal results, alongside the files.
The new feature helps users understand the potential risks of files hosted on Hugging Face, covering model files, datasets, and related artifacts, before they download them. Any file that VirusTotal flags as unsafe will include a link to a public report with full details.
While many people are comfortable with AI now, the technology is still creating new threats, among them tampered model files, unsafe dependencies, data poisoning, and hidden backdoors. Hugging Face users are not the only ones who benefit from today’s development: it also connects VirusTotal with Hugging Face so that VirusTotal can expand its research into threats targeting AI models.
Explaining how it is developing new techniques to counter AI-related threats, VirusTotal said:
“At VirusTotal, we’re also evolving to meet the challenges of this new landscape. We’re developing AI-driven analysis tools such as Code Insight, which uses LLMs to understand and explain code behavior, and we’re adding support for specialized tools for model/serialization formats, including picklescan, safepickle, and ModelScan, to help surface risky patterns and unsafe deserialization flows.”
As a bit of background for those who don’t know, VirusTotal is a company owned by Google. Its main product is a website that lets you check files, domains, IP addresses, and URLs for malware and other signs of compromise. When you upload a file, it checks the file against many different anti-malware engines to see whether any of them finds a problem. It’s definitely a handy website for your security toolbox.