Hugging Face integrates JFrog scanner to improve AI security on Hub
AI Impact Summary
Hugging Face is expanding its security tooling by integrating JFrog's Software Supply Chain scanner into the Hub. JFrog will parse and analyze code in model weights to detect potentially malicious usage, going beyond the existing picklescan pattern-matching that only inspects module names. This auto-scan applies to all public repos as they are pushed, reducing the risk of arbitrary code execution via serialized formats and improving detection of exploits across large-scale model sharing.
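The distinction the summary draws, between matching module names and actually parsing what a serialized checkpoint would do on load, is easiest to see on a pickle stream. The following is an added example, not code from Hugging Face, JFrog or picklescan: it walks the opcode stream with the standard library's `pickletools` and lists the imports a checkpoint would perform, without ever unpickling it. The allowlist, the "dangerous builtins" set and the two sample streams are assumptions constructed for the example.

```python
"""Static inspection of a pickle stream for the imports it would perform.

Added example (not Hugging Face's, JFrog's or picklescan's code). Nothing in
this file calls pickle.loads on untrusted bytes; pickletools.genops only
decodes opcodes, so the stream is never executed.
"""
import collections
import pickle
import pickletools

# Assumption: modules a plain model checkpoint may legitimately reference.
ALLOWED_MODULES = {"builtins", "collections", "torch", "numpy"}
# Assumption: builtins that reach code execution even though 'builtins' is allowed.
DANGEROUS_BUILTINS = {"eval", "exec", "compile", "__import__", "getattr"}

# Opcodes that push a string constant; STACK_GLOBAL consumes two of them.
_STRING_OPS = {
    "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
}


def pickle_imports(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) pairs the stream would import.

    GLOBAL carries 'module name' inline; STACK_GLOBAL takes the two most
    recent string constants. Memoized strings are resolved through a small
    memo table. This is a simplified emulation (only strings are tracked),
    which is enough to see every global reference a Pickler emits.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []   # string constants pushed so far, in order
    memo: list[str] = []      # MEMOIZE table, indexed by position
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            strings.append(arg)
        elif op.name == "MEMOIZE" and strings:
            memo.append(strings[-1])
        elif op.name in ("BINGET", "LONG_BINGET", "GET") and arg < len(memo):
            strings.append(memo[arg])
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


def scan(data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    for module, name in pickle_imports(data):
        if module not in ALLOWED_MODULES:
            findings.append(f"import from non-allowlisted module: {module}.{name}")
        elif module == "builtins" and name in DANGEROUS_BUILTINS:
            findings.append(f"dangerous builtin referenced: {module}.{name}")
    return findings


# Constructed sample 1: an ordinary checkpoint-like object, protocol 4.
BENIGN = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=4)

# Constructed sample 2: a hand-assembled protocol-0 stream that would call
# os.getcwd() on load (GLOBAL, EMPTY_TUPLE, REDUCE, STOP). The callee is
# harmless; the point is that a load-time call is visible without loading.
SUSPICIOUS = b"cos\ngetcwd\n)R."


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, pickle_imports(blob), scan(blob) or "clean")
```

A scanner built this way still has to know which modules and callables are acceptable for a given checkpoint format, which is exactly the judgement the summary attributes to the new tooling; the opcode walk only makes the references visible.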
Affected Systems
- Date: not specified
- Change type: capability
- Severity: info