2024 Security Feature Highlights

Security is a top priority at Hugging Face, and we're committed to continually enhancing our defenses to safeguard our users. As part of our ongoing security efforts, we have developed a variety of security measures designed to empower users to protect themselves and their assets. In this blog post, we'll take a look at our current security landscape as of August 6th, 2024, and break down the key security measures available on the Hugging Face Hub.

This post is broken down into two parts: in the first section, we explore the essential security measures available to all users of the Hub. Then, in the second section, we describe the advanced controls available to Enterprise Hub users.



“Default” Hub Security Features

The following security measures are available to all users of the Hugging Face Hub. We highly recommend that you use all of these controls where possible, as doing so will help increase your resilience against a wide range of common attacks, such as phishing, token leaks, credential stuffing and session hijacking.



Fine-Grained Tokens

User Access Tokens are required to access Hugging Face via its APIs. In addition to the standard "read" and "write" tokens, Hugging Face supports "fine-grained" tokens, which allow you to implement least privilege by defining permissions on a per-resource basis, ensuring that no other resources can be impacted in the event the token is leaked. Fine-grained tokens offer many ways to tune your token; see the images below for the options available. You can learn more about tokens here: https://huggingface.co/docs/hub/en/security-tokens




Two Factor Authentication (2FA)

Two-factor authentication adds an additional layer of protection to your online accounts by requiring two types of verification before granting access. 2FA combines something you know (like a password) with something you have (such as a smartphone) to ensure that only authorized users can access sensitive information. By enabling 2FA, you can greatly reduce the risk of unauthorized access from compromised passwords, credential stuffing and phishing. You can learn more about 2FA here: https://huggingface.co/docs/hub/en/security-2fa



Commit Signing

Although Git has an authentication layer to control who can push commits to a repo, it doesn't authenticate the actual commit author. This means it's possible for bad actors to impersonate authors simply by running git config --global user.email you@company.com and git config --global user.name Your Name. This config doesn't automatically give them access to push to repositories they otherwise couldn't push to, but it does allow them to impersonate you anywhere they can push to. This could be a public repository, or a private repository reached with compromised credentials or a stolen SSH key.

Commit signing adds an extra layer of security by using GPG to mitigate this issue; you can learn more at Git Tools: Signing Your Work. Hugging Face gives authors the ability to add their GPG keys to their profile. When a signed commit is pushed, the signature is verified against the GPG key in the author's profile. If the signature is valid, the commit will be marked with a "Verified" badge. You can learn more about commit signing here: https://huggingface.co/docs/hub/en/security-gpg



Organizational Access Controls

Organizations on Hugging Face have access to Organizational Access Controls. This allows teams and businesses to define least-privilege access to their organization by assigning "read", "write", "contributor" or "admin" roles to each of their users. This helps ensure that the compromise of one user account (such as via phishing) cannot affect the entire organization. You can learn more about Organizational Access Controls here: https://huggingface.co/docs/hub/en/organizations-security



Automated Security Scanning

Hugging Face implements an automated security scanning pipeline that scans all repos and commits. Currently, there are three major components of the pipeline:

  • malware scanning: scans for known malware signatures with ClamAV
  • pickle scanning: scans pickle files for malicious executable code with picklescan
  • secret scanning: scans for passwords, tokens and API keys using the trufflehog filesystem command

In the event a malicious file is detected, the scans will place a notice on the repo so that users can see that they could potentially be interacting with a malicious repository. You can see an example of a (fake) malicious repository here: https://huggingface.co/mcpotato/42-eicar-street/tree/main.

For any verified secret detected, the pipeline will send an email notifying the owner so that they can invalidate and refresh the secret.

Verified secrets are those which have been confirmed to work for authentication against their respective providers. Note, however, that unverified secrets are not necessarily harmless or invalid: verification can fail for technical reasons, such as downtime at the provider.

You can learn more about automated scanning here:
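The pickle-scanning component above relies on the fact that a pickle can be inspected without ever loading it. As an added example (not part of this post, and not picklescan's own code), the script below shows that core idea: disassemble the opcode stream with pickletools, list every module.attribute import the pickle would perform when loaded, and flag any that resolve into a denylisted module. The denylist and the hand-built fixtures are assumptions made for this example.

```python
import io
import pickle
import collections
import pickletools
from typing import List, Tuple

# Modules whose callables have no business inside a model checkpoint. This is a
# short denylist in the spirit of picklescan, not picklescan's actual list.
UNSAFE_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "sys", "socket", "shutil"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE",
              "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data: bytes) -> List[Tuple[str, str]]:
    """Return every (module, name) the pickle would import when loaded, without
    loading it: pickletools only disassembles the opcode stream. GLOBAL/INST carry
    "module name" inline; STACK_GLOBAL (protocol 4+) consumes the two most recent
    string pushes, which this heuristic tracks without emulating the full VM."""
    found: List[Tuple[str, str]] = []
    strings: List[str] = []
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found


def scan_pickle(data: bytes) -> List[Tuple[str, str]]:
    """Findings: imports that resolve into a denylisted module."""
    return [(m, n) for m, n in find_globals(data) if m in UNSAFE_MODULES]


# Constructed fixtures. The "unsafe" ones are hand-written opcode streams that
# reference os.getcwd (a harmless call) and are never passed to pickle.loads.
SAFE_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
ALLOWED_PICKLE = pickle.dumps(collections.OrderedDict(a=1))  # imports, but benign
UNSAFE_PROTO0 = b"cos\ngetcwd\n(tR."  # GLOBAL os getcwd, MARK, TUPLE, REDUCE, STOP
# PROTO 4, SHORT_BINUNICODE "os", SHORT_BINUNICODE "getcwd", STACK_GLOBAL,
# EMPTY_TUPLE, REDUCE, STOP
UNSAFE_PROTO4 = b"\x80\x04\x8c\x02os\x8c\x06getcwd\x93)R."

if __name__ == "__main__":
    for label, blob in [("safe", SAFE_PICKLE), ("allowed", ALLOWED_PICKLE),
                        ("proto0", UNSAFE_PROTO0), ("proto4", UNSAFE_PROTO4)]:
        print(label, "imports:", find_globals(blob), "flagged:", scan_pickle(blob))
```

A real scanner also has to handle memoized strings (BINGET references) and nested or framed pickles inside torch and joblib archives, which is where picklescan does the heavy lifting.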



Enterprise Hub Security Features

In addition to the security measures available to all users, Hugging Face offers advanced security controls for Enterprise users. These additional controls allow enterprises to build the security configuration that's best for them.



Single Sign-On (SSO)

Single sign-on (SSO) allows a user to access multiple applications with one set of credentials. Enterprises have widely moved to SSO because it allows their employees to access a wide range of corporate software using identities that are managed centrally by their IT team. Hugging Face Enterprise supports SSO with both the SAML 2.0 and OpenID Connect (OIDC) protocols, and supports any compliant provider such as Okta, OneLogin, Azure AD, etc. Additionally, SSO users can be configured to be dynamically assigned access control roles based on data provided by your identity provider. You can learn more about SSO here: https://huggingface.co/docs/hub/en/security-sso



Resource Groups

In addition to the base organizational access controls, Enterprises can define and manage groups of repositories as Resource Groups. This allows you to segment your resources by team or purpose, such as "Research", "Engineering" or "Production", so that the compromise of one segment can't affect the others. You can learn more about Resource Groups here: https://huggingface.co/docs/hub/en/security-resource-groups



Organization Token Management

✨New✨ Enterprise users can now manage which tokens can access their organization and resources. Organization owners can enforce the use of fine-grained tokens and require administrator approval for each token. Administrators can review and revoke every token that has access to their repositories at any time.

You can learn more about Organization Token Management here: https://huggingface.co/docs/hub/enterprise-hub-tokens-management




Data Residency

Enterprise users have access to data residency controls, which allow them to define where repositories (models, datasets, spaces) are stored. This allows for regulatory and legal compliance, while also improving download and upload performance by bringing the data closer to your users. We currently support US and EU regions, with Asia-Pacific coming soon. We call this feature "Storage Regions". You can learn more about Data Residency here: https://huggingface.co/docs/hub/en/storage-regions



Audit Logs

Enterprise users have access to audit logs that allow organization admins to review changes to repositories, settings and billing. The audit logs contain the username, location, IP and action taken, and can be downloaded as a JSON file that can be fed into your own security tooling. You can learn more about Audit Logs here: https://huggingface.co/docs/hub/en/audit-logs
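As an added example of feeding such an export into your own tooling (this is not Hugging Face's code, and the field names ts, user, ip, location, action and target are assumed; map them to the keys in the real export), the script below walks a constructed audit log in order, learns each user's IPs as it goes, and reports high-risk actions, singling out those performed from an IP the user had never used before.

```python
import json
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample export. The field names are an assumption for this example.
SAMPLE_AUDIT_LOG = json.dumps([
    {"ts": "2024-08-01T09:12:03Z", "user": "alice", "ip": "203.0.113.10",
     "location": "Paris, FR", "action": "repo.update", "target": "acme/llm-v1"},
    {"ts": "2024-08-01T10:40:19Z", "user": "bob", "ip": "198.51.100.7",
     "location": "Berlin, DE", "action": "settings.update", "target": "acme"},
    {"ts": "2024-08-02T02:05:44Z", "user": "bob", "ip": "192.0.2.55",
     "location": "Unknown", "action": "org.member_role_change", "target": "acme/carol"},
    {"ts": "2024-08-02T08:30:00Z", "user": "alice", "ip": "203.0.113.10",
     "location": "Paris, FR", "action": "repo.delete", "target": "acme/llm-old"},
])

# Actions an organization admin would want to review individually (assumed names).
HIGH_RISK_ACTIONS = {"repo.delete", "org.member_role_change", "billing.update", "token.approve"}


def load_events(raw: str) -> List[Dict]:
    """Parse the exported JSON and order it chronologically (ISO-8601 sorts as text)."""
    return sorted(json.loads(raw), key=lambda e: e["ts"])


def flag_events(events: List[Dict]) -> List[Dict]:
    """Report every high-risk action; note when it came from an IP the user had not
    used earlier in the log. A user's very first event always counts as a new IP, so
    seed seen_ips from an older export in practice."""
    seen_ips: Dict[str, Set[str]] = defaultdict(set)
    findings: List[Dict] = []
    for e in events:
        new_ip = e["ip"] not in seen_ips[e["user"]]
        if e["action"] in HIGH_RISK_ACTIONS:
            reason = "high-risk action from previously unseen IP" if new_ip else "high-risk action"
            findings.append({**e, "reason": reason})
        seen_ips[e["user"]].add(e["ip"])
    return findings


if __name__ == "__main__":
    for f in flag_events(load_events(SAMPLE_AUDIT_LOG)):
        print(f["ts"], f["user"], f["ip"], f["action"], f["target"], "->", f["reason"])
```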



Compliance

Hugging Face is SOC2 Type 2 certified and GDPR compliant. We offer Business Associate Addendums for GDPR data processing agreements to Enterprise Plan users. You can learn more about our compliance efforts here: https://huggingface.co/docs/hub/en/security



Custom Security Features

Hugging Face offers custom agreements and development of features and tools for Enterprise accounts, established via Statements of Work (SoW) and Service Level Agreements (SLA). You can reach out directly to sales to discuss your options at https://huggingface.co/contact/sales.



Conclusion

At Hugging Face, we're committed to providing a secure and trustworthy platform for the AI community. With our robust security measures, users can focus on building and deploying AI models with confidence. Whether you are an individual researcher or a large enterprise, our security measures are designed to empower you to protect yourself and your assets. By continually enhancing our defenses and expanding our security capabilities, we aim to stay ahead of emerging threats and maintain the trust of our users. If you have any questions or feedback about our security measures, we would love to hear from you. Reach out at security@huggingface.co!


