Microsoft

Case study: Securing AI application supply chains

The rapid adoption of AI applications, including agents, orchestrators, and autonomous workflows, represents a significant shift in how software systems are built and operated. Unlike traditional ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
The Hacker News

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code ...
Ars Technica

Hugging Face, the GitHub of AI, hosted code that backdoored user devices

Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s ...
IEEE

An Analysis of Python Serialization towards Distributed Systems

Abstract: We explored the current state of Python serialization in the context of distributed computing. The challenging points addressed are: object-type support, speed and size, version ...
InfoWorld

Master Python’s datetime type

Learn how to work with date and time values using Python's datetime library, and how to avoid some of the gotchas and pitfalls of the datetime datatype. Python’s datetime library, part of its standard ...