Hugging Face identified unauthorized access to internal datasets and credentials caused by an autonomous agent framework exploiting code-execution paths in its dataset processing pipeline. The intrusion allowed the actor to escalate privileges, harvest cloud credentials, and move laterally across internal clusters.

  • The attacker used a malicious dataset to abuse a remote-code loader and template injection, running code on a processing worker.
  • The campaign utilized an agentic security-research harness executing thousands of actions across short-lived sandboxes with self-migrating command-and-control.
  • Hugging Face closed the root vulnerabilities, rebuilt compromised nodes, and rotated affected credentials.
  • Forensic analysis was conducted using GLM 5.2 on internal infrastructure to bypass commercial API safety guardrails that blocked the submission of exploit payloads.

The incident highlights the need for defenders to have capable models ready on their own infrastructure to avoid guardrail lockout during security investigations.