{"data":{"id":"6a7f2fc0-eb29-4250-a2de-fa4523caf300","title":"Hugging Face Packages Weaponized With a Single File Tweak","summary":"A tokenizer file (the tokenizer is the component that breaks text into pieces an AI model can understand) in Hugging Face AI models can be modified by attackers to take control of what the model outputs and steal data. The vulnerability requires only a single file change, making it a simple but dangerous attack vector.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.darkreading.com/cloud-security/hugging-face-packages-weaponized-single-file-tweak","publishedAt":"2026-05-12T14:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Hugging Face"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-12T14:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}