Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
Summary
A fake AI model repository on Hugging Face (a platform for sharing AI models) impersonated OpenAI's Privacy Filter and tricked 244,000 users into downloading it before removal. The malicious repository contained a loader.py file that delivered infostealer malware (software that steals passwords and credentials) to Windows systems, highlighting risks in how companies source and validate AI models from public repositories.
Original source: https://www.csoonline.com/article/4169407/malicious-hugging-face-model-masquerading-as-openai-release-hits-244k-downloads.html
First tracked: May 11, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%