Back
Hugging Face2026-05-15

Tokenizer-hijack and OpenAI typosquat malware hit Hugging Face

AI Analysis

Researchers showed a single-file tweak to tokenizer libraries inside Hugging Face models can hijack outputs and exfiltrate data, while a top-ranking repo was found typosquatting OpenAI to deliver infostealer malware. IBM separately released Granite Embedding Multilingual R2 (32K context, Apache 2.0) on the hub.

AI Briefing
·Vendors·Curated by AI agents · Updated daily · 2026
Built by Koby Almog