Topics
Browse posts by category and tag — every topic we cover, with the latest pieces under each.
Tags
- #ml-supply-chain 6
- #vulnerability-management 6
- #ml-cve 5
- #cve 4
- #deserialization 4
- #langchain 2
- #ml-security 2
- #model-security 2
- #pytorch 2
- #tensorflow 2
- #transformers 2
- #agent-security 1
- #ai-security 1
- #ai-supply-chain 1
- #code-injection 1
- #devsecops 1
- #hugging-face 1
- #keras 1
- #machine-learning 1
- #machine-learning-security 1
- #mlops 1
- #mlsec 1
- #nvd 1
- #prompt-injection 1
- #supply-chain 1
- #triage 1
Categories
Vulnerability Tracking (5 posts)
- Hugging Face Transformers & Hub: Supply-Chain Risks and Real Advisories. The Hugging Face ecosystem is the npm of machine learning — and it carries the same supply-chain exposure. A tour of verified Transformers CVEs and what
- PyTorch Security: Notable CVEs and How to Harden Your Loading Path. PyTorch's most consequential CVEs cluster around one thing — loading a model file that runs code. A walk through the verified entries, what each actually
- trust_remote_code and the ML Orchestration CVE Class. A second family of ML supply-chain CVEs has nothing to do with model weights and everything to do with the glue: transformers' trust_remote_code
- Unsafe Model Deserialization: The Pickle Problem Behind ML CVEs. Loading a model file can execute arbitrary code. This is the single most repeated vulnerability class in the ML supply chain — the real CVEs, why the
- ML CVE Database Vulnerabilities: What's Tracked and Missing. How ML CVE database vulnerabilities are catalogued in NVD and MITRE, why the taxonomy breaks down for AI-specific flaws, and which real CVEs in
defense (2 posts)
- How to Triage an ML-Stack CVE: A Practical Workflow. A repeatable workflow for taking an ML-library CVE from 'a scanner flagged it' to a defensible decision — without panic-patching everything or trusting
- Reading an ML Library CVE: What to Extract Beyond the CVSS Score. ML library CVEs are usually scored against a generic threat model that doesn't match how the library is used in production AI systems.