Hugging Face dodged a cyber-bullet with Lasso Security’s help

Researchers from Lasso Security helped AI platform Hugging Face prevent a possibly massive cyberattack by discovering that 1,681 API tokens were under threat. More than 700 organisations’ accounts, including high profile ones such as Meta and Google, were accessed by the researchers. They found 655 users’ tokens had write permissions, meaning they could’ve granted full control over repositories of many renowned companies, possibly affecting millions of users via supply chain attacks.