At a glance
| Organization | Hugging Face |
| Data exposed | A limited set of internal datasets and several service credentials |
| Records affected | Not disclosed; review of partner and customer data ongoing |
| Cause | Malicious dataset abused two code-execution paths in the data-processing pipeline |
| Disclosure status | Confirmed and self-disclosed on July 16, 2026; reported to law enforcement |
| Source | Hugging Face security blog |
TL;DR
The Hugging Face breach hit part of the company’s production infrastructure. An autonomous AI agent ran the whole intrusion at machine speed. Hugging Face found no tampering with public models, datasets, or Spaces.
What was exposed
The Hugging Face breach touched internal systems, not public ones. Attackers reached a limited set of internal datasets and several service credentials. However, the company saw no signs of tampering with user-facing models or Spaces. It also verified its software supply chain as clean. The review of partner and customer data continues.
How it happened
The entry point was the data-processing pipeline. A malicious dataset abused two code-execution paths there. That gave the attacker code execution on a processing worker. From there, they escalated to node-level access. Then they harvested cloud and cluster credentials and moved sideways over a weekend. Hugging Face says the intrusion was “driven, end to end, by an autonomous AI agent system.” The agents ran thousands of actions across short-lived sandboxes. This AI agent attack matches the “agentic attacker” scenario the industry has forecast.
Who is affected
No record count has been confirmed. The exposure hit internal datasets and service credentials. Whether any partner or customer data was affected is still under review. Hugging Face says it will contact affected parties directly if needed.
What affected users should do
Act now as a precaution. Rotate any access tokens tied to your account. Review recent account activity for anything unusual. Then report concerns to the company’s security team.
Company response
Hugging Face closed the code-execution paths used for entry. It rebuilt compromised nodes and rotated affected secrets. The team also added stricter cluster controls and faster alerting. Outside forensic specialists are helping with the investigation. Notably, guardrails on hosted models blocked its forensic queries. So the team ran the analysis on an open-weight model in-house instead.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.