Open-OSS/privacy-filter: Typosquatting the AI Model Registry
A malicious Hugging Face repo typosquatted OpenAI's Privacy Filter, hit #1 trending at 244K downloads, and shipped a Rust infostealer — a warning for AI skills.
3 articles with this tag.
Attackers injected a credential stealer into litellm (95M downloads) via compromised CI/CD. What happened and why AI skills face the same threat.
Post-mortem of ClawHavoc — the largest AI skill supply chain attack on record — and what it reveals about the limits of reactive security models.