6 min read
Threat Actors APT28's PROMPTSTEAL malware queries an LLM via the Hugging Face API to dynamically generate Windows recon commands, marking the first confirmed use of LLM-driven malware in live operations against real targets.
APT28's PROMPTSTEAL malware queries an LLM via the Hugging Face API to dynamically generate Windows recon commands, marking the first confirmed use of LLM-driven malware in live operations against real targets.
A critical flaw in Hugging Face Transformers lets attackers execute arbitrary code on anyone who loads a poisoned model, silently bypassing the trust_remote_code=False safety flag. 232 million vulnerable downloads preceded the March patch.
Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.