Security is a top priority at Hugging Face, and we are committed to continually strengthening our defenses to protect our users. As part of that ongoing effort we have developed a range of security features designed to help users protect themselves and their assets. In this blog post we look at the security landscape as of August 6, 2024 and break down the key security features available on the Hugging Face Hub.
This post is divided into two parts. The first section examines the essential security features available to all Hub users; the second describes the advanced controls available to Enterprise Hub users.
“Default” Hub security features
The following security features are available to all users of the Hugging Face Hub. We highly recommend using all of these controls wherever possible, as they increase your resilience against a variety of common attacks such as phishing, token leaks, credential stuffing and session hijacking.
Fine-grained tokens
A User Access Token is required to access Hugging Face through the API. In addition to the standard “read” and “write” tokens, Hugging Face supports “fine-grained” tokens, which offer many ways to tune a token’s permissions. See the image below for the available options. For more information about tokens, visit https://huggingface.co/docs/hub/en/security-tokens
Two-factor authentication (2FA)
Two-factor authentication adds an additional layer of protection to your online account by requiring two forms of verification before granting access. 2FA combines something you know (such as a password) with something you have (such as a smartphone) to ensure that only authorized users can reach sensitive information. Enabling 2FA significantly reduces the risk of unauthorized access resulting from compromised passwords, credential stuffing and phishing. For more information about 2FA, visit https://huggingface.co/docs/hub/en/security-2fa
Commit signing
Git has an authentication layer to control who can push commits to a repository, but it does not authenticate the actual commit author. This means that bad actors can impersonate authors simply by running git config --global user.email you@company.com and git config --global user.name "Your Name". This configuration does not automatically give them access to push to repositories they could not otherwise reach, but it does allow them to impersonate you anywhere they can push. That could be a public repository, or a private repository reached with compromised credentials or stolen SSH keys.
Commit signing adds an additional layer of security by using GPG to mitigate this issue; you can read more in the Git book chapter “Git Tools - Signing Your Work”. Hugging Face lets authors add a GPG key to their profile. When a signed commit is pushed, the signature is verified against the GPG key in the author’s profile, and if it is valid the commit is marked with a “Verified” badge. For more information about commit signing, visit https://huggingface.co/docs/hub/en/security-gpg
Organizational access controls
Hugging Face organizations have access to organizational access controls. These let teams and businesses define privileged access to their organization by assigning each user a role of “read”, “write”, “contributor” or “admin”. This helps prevent the compromise of a single user account (for example through phishing) from affecting the entire organization. For more information about organizational access controls, see https://huggingface.co/docs/hub/en/organizations-security
Automated security scanning
Hugging Face runs an automated security scanning pipeline that scans every repository and commit. Currently the pipeline has three main components:
- Malware scanning: scans for known malware signatures with ClamAV
- Pickle scanning: scans pickle files for malicious executable code with picklescan
- Secret scanning: scans for passwords, tokens and API keys with TruffleHog’s filesystem scanner
If a malicious file is detected, the scan places a notice on the repository so that users can see they may be interacting with a malicious repository. For an example of a (fake) malicious repository, see https://huggingface.co/mcpotato/42-eicar-street/tree/main.
For detected and verified secrets, the pipeline sends an email notifying the owner so that the secret can be invalidated and rotated.
Verified secrets are those that have been confirmed to work for authentication against their respective provider. Note, however, that unverified secrets are not necessarily harmless or invalid: verification can fail for technical reasons, such as the provider being down.
For more information about automated scanning, see the Hub security documentation.
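To make the pickle and secret scanning components above concrete, here is a small added example (illustration only, not the picklescan or TruffleHog code the Hub actually runs). It inspects a pickle at the opcode level without ever unpickling it, flagging imported globals outside an assumed module allowlist, and it runs a few regexes over a constructed config file to find leaked credentials. The allowlist, the pattern length bounds and all sample values are assumptions.

```python
"""Toy versions of two of the Hub scan components described above:
opcode-level pickle inspection and regex-based secret detection.
Added illustration, not the picklescan or TruffleHog code the Hub runs."""
import pickle
import pickletools
import re

# Assumed allowlist of modules a model pickle may legitimately reference.
SAFE_MODULES = {"builtins", "collections", "numpy", "torch", "_codecs"}
# Names that give arbitrary code execution even from an allowed module.
DANGEROUS_NAMES = {("builtins", "eval"), ("builtins", "exec"),
                   ("builtins", "getattr"), ("builtins", "__import__")}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def scan_pickle(data: bytes) -> list:
    """Walk the opcode stream and report imported globals, without ever
    calling pickle.load(), which is what would execute a payload."""
    findings = []
    recent = []  # last two string pushes; STACK_GLOBAL consumes them
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent = (recent + [arg])[-2:]
        module = name = None
        if opcode.name == "GLOBAL":                  # protocols 0-3: "module name"
            module, name = arg.split(" ", 1)
        elif opcode.name == "STACK_GLOBAL" and len(recent) == 2:  # protocol 4+
            module, name = recent
        if module is None:
            continue
        if module.split(".")[0] not in SAFE_MODULES or (module, name) in DANGEROUS_NAMES:
            findings.append(f"offset {pos}: references {module}.{name}")
    return findings


# Secret patterns: the hf_ and AKIA prefixes are public formats, but the
# length bounds here are assumptions rather than an authoritative spec.
SECRET_PATTERNS = {
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)password\s*[:=]\s*['\"]?([^'\"\s]+)"),
}


def redact(value: str) -> str:
    """Keep only enough of a secret to identify it in a notification."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text_for_secrets(text: str) -> list:
    """Return (line number, kind, redacted value) for every match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.lastindex else match.group(0)
                findings.append((lineno, kind, redact(value)))
    return findings


# Constructed sample inputs (every value is fake).
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
# Protocol 0: GLOBAL os.getcwd, EMPTY_TUPLE, REDUCE, STOP. os.getcwd is
# harmless, but the opcode pattern is exactly what a loader would execute.
SUSPICIOUS_P0 = b"cos\ngetcwd\n)R."
# The same stream in protocol 4: PROTO, two SHORT_BINUNICODE pushes,
# STACK_GLOBAL, EMPTY_TUPLE, REDUCE, STOP.
SUSPICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06getcwd\x93)R."
SAMPLE_CONFIG = """\
# constructed file committed by mistake (every value here is fake)
HF_TOKEN=hf_EXAMPLEEXAMPLEEXAMPLEEXAMPLE1234
model_name = "org/my-model"
aws_access_key_id = AKIAEXAMPLE123456789
db_password = "hunter2-example"
"""

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PICKLE), ("p0", SUSPICIOUS_P0), ("p4", SUSPICIOUS_P4)]:
        print(label, scan_pickle(blob) or "clean")
    for finding in scan_text_for_secrets(SAMPLE_CONFIG):
        print("secret:", finding)
```

The pickle scanner reports the protocol 0 and protocol 4 streams (which both reference os.getcwd) and passes the plain dictionary, while the secret scanner reports the three fake credentials in redacted form; redaction matters because the finding itself ends up in an email, and a notification should never re-leak the secret it warns about.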
Enterprise Hub Security Features
In addition to the security features available to all users, Hugging Face provides advanced security controls for enterprise users. These additional controls allow businesses to build the security configuration that works best for them.
Single Sign-On (SSO)
Single Sign-On (SSO) allows users to access multiple applications with one set of credentials. Companies are moving widely to SSO so that employees can access a variety of corporate software using identities centrally managed by their IT teams. Hugging Face Enterprise supports SSO with both the SAML 2.0 and OpenID Connect (OIDC) protocols, and works with compliant identity providers such as Okta, OneLogin and Azure AD. SSO can also be configured to assign access control roles dynamically based on the data provided by the identity provider. For more information about SSO, visit https://huggingface.co/docs/hub/en/security-sso
Resource Groups
In addition to basic organizational access control, businesses can define and manage groups of repositories as resource groups. This allows resources to be segmented by team and purpose, such as “research”, “engineering” or “production”, ensuring that a compromise of one segment does not affect the others. For more information about resource groups, see https://huggingface.co/docs/hub/en/security-resource-groups
Organization token management
✨new✨ Enterprise users can now manage which tokens have access to their organization and resources. Organization owners can enforce the use of fine-grained tokens and require administrator approval for each token. Administrators can view and revoke any token that has access to the organization’s repositories at any time.
For more information about organization token management, see https://huggingface.co/docs/hub/enterprise-hub-tokens-management
Data Residency
Enterprise users have access to data residency controls, which let them define where their repositories (models, datasets and Spaces) are stored. This supports regulatory and legal compliance and improves download and upload performance by keeping data closer to the user. We currently support the US and EU regions, with the Asia-Pacific region coming soon. This feature is called “Storage Regions”. For more information about data residency, see https://huggingface.co/docs/hub/en/storage-regions
Audit log
Enterprise users have access to audit logs that let organization administrators review changes to their repositories, settings and billing. Each audit log entry records the username, location, IP address and action, and the log can be downloaded as a JSON file for use with your own security tooling. For more information about audit logs, see https://huggingface.co/docs/hub/en/audit-logs
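As an added example of feeding the downloaded JSON into your own tooling, the script below (not part of the original post, and not the documented export schema: the field names, action names and trusted network range are assumptions made for the illustration) loads a constructed audit log export, validates that each record carries the fields the triage relies on, and rates events by whether they are high-risk actions and whether they came from outside an expected network range.

```python
"""Triage a downloaded Hub audit log export with plain Python. Added example;
the JSON field names, action names and network range are assumptions made
for the illustration, not the documented export schema."""
import ipaddress
import json
from collections import Counter

# Constructed export carrying the four kinds of data the post lists
# (username, location, IP, action); IPs come from documentation-only ranges.
SAMPLE_AUDIT_LOG = json.dumps([
    {"username": "alice", "location": "Paris, FR", "ip": "203.0.113.10",
     "action": "repo.settings.update", "time": "2024-08-06T09:01:00Z"},
    {"username": "alice", "location": "Paris, FR", "ip": "203.0.113.10",
     "action": "org.member.add", "time": "2024-08-06T09:04:00Z"},
    {"username": "bob", "location": "Unknown", "ip": "198.51.100.77",
     "action": "org.token.create", "time": "2024-08-06T02:12:00Z"},
    {"username": "bob", "location": "Unknown", "ip": "198.51.100.77",
     "action": "repo.delete", "time": "2024-08-06T02:13:00Z"},
    {"username": "carol", "location": "Berlin, DE", "ip": "203.0.113.44",
     "action": "billing.update", "time": "2024-08-06T10:30:00Z"},
])

# Assumed corporate egress range; anything else counts as untrusted here.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# Assumed action names that deserve a second look regardless of source.
HIGH_RISK_ACTIONS = {"repo.delete", "org.token.create", "org.member.add", "billing.update"}
REQUIRED_FIELDS = ("username", "ip", "action")


def load_events(raw: str) -> list:
    """Parse the export and reject records missing the fields we rely on,
    so a schema change fails loudly instead of silently skipping events."""
    events = json.loads(raw)
    for index, event in enumerate(events):
        missing = [field for field in REQUIRED_FIELDS if field not in event]
        if missing:
            raise ValueError(f"event {index} is missing {missing}")
    return events


def is_trusted_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(events: list) -> list:
    """Return (username, action, severity) for events worth reviewing:
    high when a high-risk action comes from an untrusted address, medium
    when only one of the two conditions holds, nothing otherwise."""
    alerts = []
    for event in events:
        untrusted = not is_trusted_ip(event["ip"])
        risky = event["action"] in HIGH_RISK_ACTIONS
        if untrusted and risky:
            alerts.append((event["username"], event["action"], "high"))
        elif untrusted or risky:
            alerts.append((event["username"], event["action"], "medium"))
    return alerts


def untrusted_sources(events: list) -> Counter:
    """Count, per user, the events that originated outside trusted networks."""
    return Counter(e["username"] for e in events if not is_trusted_ip(e["ip"]))


if __name__ == "__main__":
    events = load_events(SAMPLE_AUDIT_LOG)
    for alert in triage(events):
        print(alert)
    print(dict(untrusted_sources(events)))
```

On the sample data the two events by "bob" (a token creation followed by a repository deletion, both from an address outside the trusted range, at an unusual hour) surface as high severity, which is the kind of sequence an administrator would want to cross-check against the organization token management view described earlier.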
Compliance
Hugging Face is SOC 2 Type 2 certified and GDPR compliant. We offer a Business Associate Addendum as well as a GDPR Data Processing Agreement to Enterprise plan users. For more information about our compliance efforts, visit https://huggingface.co/docs/hub/en/security.
Custom Security Features
Hugging Face offers custom agreements and the development of enterprise account features and tools, established through statements of work (SOWs) and service level agreements (SLAs). You can reach out directly to sales to discuss options at https://huggingface.co/contact/sales.
Conclusion
At Hugging Face we are committed to providing a secure and trustworthy platform for the AI community. Our robust security features allow users to focus confidently on building and deploying AI models. Whether you are an individual researcher or a large company, our security features are designed to empower you to protect yourself and your assets. By continuing to strengthen our defenses and expand our security features, we aim to stay ahead of new threats and maintain the trust of our users. If you have any questions or feedback about our security features, we would love to hear from you. Please contact security@huggingface.co!