Hugging Face discloses security incident: autonomous AI agent attacked production infrastructure
What happened
On July 16, 2026, Hugging Face disclosed a security incident in which an autonomous AI agent exploited two vulnerabilities in the dataset processing pipeline — a remote-code (RCE) dataset loader and template injection in dataset configuration — to gain initial access on a worker node.
Context and impact
The attacker escalated to node-level access, moved laterally through internal clusters over a weekend, and compromised a set of credentials. This is among the first publicly confirmed incidents where an autonomous AI agent conducted an end-to-end cyberattack on a major AI platform's production infrastructure.
Details
- Attack vector: malicious dataset with RCE loader + template injection in configuration
- Affected: a limited set of internal datasets and several service credentials
- Not affected: public models, datasets, Spaces, software supply chain
- Response: vulnerabilities patched, compromised nodes rebuilt, credentials rotated
- Forensics: external cybersecurity team + LLM-assisted analysis of 17,000+ attacker log events
- Reported: to law enforcement
Open original source
Hugging Face