Hugging Face Hub security features update: fine-grained tokens, 2FA, commit signing, SSO, and Enterprise controls

AI Impact Summary

Hugging Face is expanding security capabilities across Hub and Enterprise Hub, introducing fine-grained access tokens, 2FA, and GPG-backed commit signing, along with organizational access controls. An automated scanning pipeline (malware via ClamAV, pickle scanning with picklescan, and secret scanning with trufflehog) strengthens repository safety with visible notices and alerting for verified secrets. Enterprise-specific features add SSO (SAML 2.0 and OIDC), Resource Groups, Organization Token Management, and data residency (Storage Regions) plus audit logs, enabling tighter governance and regulatory compliance. These capabilities collectively enable least-privilege API usage, verifiable commit authorship, centralized identity management, and faster incident response, reducing risk from credential leaks and phishing while improving auditability at scale.