Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms

A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and open-source platforms. Discover how attackers can secretly replace trusted models and what can be done to stop it.

A new security vulnerability has been discovered that could allow attackers to hijack popular AI models and infect systems on major platforms like Google’s Vertex AI and Microsoft’s Azure AI Foundry. The research, conducted by the Unit 42 team at Palo Alto Networks, revealed a critical flaw they call “Model Namespace Reuse.”

For your information, AI models are often identified by a simple naming convention like Author/ModelName. This name, or “namespace,” is how developers reference models, much like a website address. This simple naming convention, while convenient, can be exploited. The research shows that when a developer deletes their account or transfers ownership of a model on the popular platform Hugging ...