
Flaw in AI Libraries Exposes Models to Remote Code Execution

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face

Rashmi Ramesh (rashmiramesh_) • January 14, 2026


Vulnerabilities in three artificial intelligence libraries could allow attackers to execute malicious code by loading a compromised model file. The flaws affect open-source tools created by Apple, Salesforce and Nvidia that power models collectively downloaded tens of millions of times on Hugging Face.


Palo Alto Networks identified security issues in NeMo, Uni2TS and FlexTok, three Python libraries designed for AI research. The vulnerabilities let attackers embed code in a model's metadata that executes automatically when the model loads.

The three libraries all use Hydra, a configuration tool maintained by Meta that's popular in machine learning projects. Each library calls Hydra's instantiate function to load settings from model metadata without properly checking the input first.
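The root cause described above is that a `_target_` entry in model metadata is handed straight to Hydra's `instantiate`, which imports and calls whatever dotted path it names. The following is an added illustration of the defensive check a loader can run before calling `instantiate`; it is not code from the article, from Palo Alto Networks, or from the NeMo, Uni2TS or FlexTok projects. It assumes the metadata has already been parsed into nested Python dicts and lists, that `mylib` is the library's own (hypothetical) package namespace, and that any `_target_` outside an explicit allowlist of module prefixes should be rejected rather than instantiated.

```python
"""Pre-instantiation allowlist check for Hydra-style model metadata.

Added example: not code from the article or the affected projects. Assumes the
metadata is already parsed (e.g. from YAML/JSON) into dicts and lists, and that
every dotted path under a ``_target_`` key must fall under an allowed prefix.
"""
from typing import Any, Iterator, List, Tuple

TARGET_KEY = "_target_"  # the key hydra.utils.instantiate resolves to an import path


def iter_targets(node: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (config_path, target) for every _target_ key, recursing into
    nested dicts and lists the way Hydra's recursive instantiation does."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == TARGET_KEY:
                # a non-string target is malformed; surface its repr so it gets rejected too
                yield path or "<root>", value if isinstance(value, str) else repr(value)
            else:
                yield from iter_targets(value, child)
    elif isinstance(node, list):
        for idx, item in enumerate(node):
            yield from iter_targets(item, f"{path}[{idx}]")


def validate_targets(cfg: Any, allowed_prefixes: Tuple[str, ...]) -> List[str]:
    """Return human-readable violations; an empty list means every _target_ in
    cfg lies under one of the allowed module prefixes."""
    violations = []
    for cfg_path, target in iter_targets(cfg):
        # exact module match or a dotted child of it; "mylibx.Foo" must not pass for "mylib"
        ok = any(target == p or target.startswith(p + ".") for p in allowed_prefixes)
        if not ok:
            violations.append(f"{cfg_path}: _target_={target!r} not under {allowed_prefixes}")
    return violations


def is_safe_to_instantiate(cfg: Any, allowed_prefixes: Tuple[str, ...]) -> bool:
    """Gate to place in front of hydra.utils.instantiate (hypothetical usage)."""
    return not validate_targets(cfg, allowed_prefixes)


# Constructed sample metadata shaped like a Hydra config; module names are hypothetical.
ALLOWED = ("mylib",)

TRUSTED_CFG = {
    "model": {
        "_target_": "mylib.models.Transformer",
        "tokenizer": {"_target_": "mylib.tokenizers.BPE", "vocab_size": 32000},
        "callbacks": [{"_target_": "mylib.callbacks.Checkpoint"}],
    }
}

UNTRUSTED_CFG = {
    "model": {
        "_target_": "mylib.models.Transformer",
        # a target outside the library's namespace: instantiate would import and call it
        "tokenizer": {"_target_": "some_untrusted_package.Loader", "path": "x"},
    }
}


if __name__ == "__main__":
    for name, cfg in (("trusted", TRUSTED_CFG), ("untrusted", UNTRUSTED_CFG)):
        problems = validate_targets(cfg, ALLOWED)
        print(name, "OK" if not problems else problems)
```

The check walks the whole tree because Hydra instantiates nested `_target_` entries recursively, so validating only the top-level key would miss a target buried in a sub-config or a list; the prefix comparison requires a dot after the allowed module name so that a lookalike package name does not slip past.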

Palo Alto Networks ...


Copyright of this story solely belongs to bankinfosecurity.