What is the official website of Hugging Face ?

The official website of Hugging Face is https://huggingface.co.

What is Hugging Face's cybersecurity risk score?

Hugging Face has an AI-generated cybersecurity risk score of 730 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has Hugging Face experienced?

According to Rankiteo, Hugging Face currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Hugging Face been affected by any supply chain cyber incidents ?

According to Rankiteo, Hugging Face has been affected by a supply chain cyber incident involving marimo, with the incident ID MARHUG1779193669.

Does Hugging Face have SOC 2 Type 1 certification ?

According to Rankiteo, Hugging Face is not certified under SOC 2 Type 1.

Does Hugging Face have SOC 2 Type 2 certification ?

According to Rankiteo, Hugging Face does not hold a SOC 2 Type 2 certification.

Does Hugging Face comply with GDPR ?

According to Rankiteo, Hugging Face is not listed as GDPR compliant.

Does Hugging Face have PCI DSS certification ?

According to Rankiteo, Hugging Face does not currently maintain PCI DSS compliance.

Does Hugging Face comply with HIPAA ?

According to Rankiteo, Hugging Face is not compliant with HIPAA regulations.

Does Hugging Face have ISO 27001 certification ?

According to Rankiteo,Hugging Face is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Hugging Face operate in ?

Hugging Face operates primarily in the Software Development industry.

How many employees does Hugging Face have ?

Hugging Face employs approximately 726 people worldwide.

Does Hugging Face own any subsidiaries ?

Hugging Face presently has no subsidiaries across any sectors.

How many LinkedIn followers does Hugging Face have ?

Hugging Face's official LinkedIn profile has approximately 35,000 followers.

What is the NAICS classification code for Hugging Face ?

Hugging Face is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Hugging Face have a Crunchbase profile ?

Yes, Hugging Face has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/hugging-face.

Does Hugging Face have a LinkedIn profile ?

Yes, Hugging Face maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/huggingface.

How many cybersecurity incidents has Hugging Face experienced ?

As of June 15, 2026, Rankiteo reports that Hugging Face has experienced 3 cybersecurity incidents.

How many peer or competitor companies does Hugging Face have ?

Hugging Face has an estimated 30,078 peer or competitor companies worldwide.

What types of cybersecurity incidents has Hugging Face faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Hugging Face

Boost Score +25 with badge (5 left)

730

/1000

Moderate

755

/1000

Fair

Hugging Face Vendor Cyber Rating & Cyber Score

huggingface.co

cb in

Add Your Compliance Badge

The AI community building the future.

Hugging Face A.I CyberSecurity Scoring

Scoring History

Hugging Face

Hugging Face CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Hugging Face

Cyber Attack

5/2026

marimo

MARHUG177919366...

Hugging Face

Vulnerability

100

4/2026

HUG1777387852

Hugging Face

Vulnerability

100

3/2026

HUG1780734439

Loading…

A.I.

Hugging Face Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Hugging Face

Incidents vs Software Development Industry Avg (This Year)

Hugging Face has 183.02% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Hugging Face has 180.37% more incidents than the average of all companies with at least one recorded incident.

Incident Types Hugging Face vs Software Development Industry Avg (This Year)

Hugging Face reported 3 incidents this year: 1 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - Hugging Face (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Hugging Face Subsidiaries

Parent Company

Hugging Face

Software Development

Website: https://huggingface.co

Company Size: 51-200 employees

No subsidiary data available for this company.

Loading…

Hugging Face Similar Companies

KPIT

kpit.com

About KPIT KPIT is reimagining the future of mobility, forging ahead with group companies and partners to shape a world that is cleaner, smarter, and safer. With over 25 years of specialized expertise in Mobility, KPIT is accelerating the transformation towards Software and AI-Defined Vehicles through its advanced solutions, platforms, and products—propelled by mobility-infused AI frameworks, software craftsmanship, and systems integration mastery. Vision in Motion Fueled by 2000+ vehicle production programs and powering 20+ million vehicles on the road with KPIT software, our experience in unmatched. At the same time, we push boundaries, developing solutions that enable Mobility OEMs to innovate at speed and scale. For more details, visit www.kpit.com

Epic

epic.com

Join us in our mission to help the world get well, help the world stay well, and help future generations be healthier. We hire smart and motivated people from all academic majors to code, test, and implement healthcare software that hundreds of millions of patients and doctors rely on to improve care and ultimately save lives around the globe. No healthcare experience is necessary; we'll train you to be an expert in health IT and we'll provide you with personal development classes to grow as a professional. Our expectations for you are high, but in healthcare so are the stakes.

Meituan

meituan.com

Adhering to the ‘Retail + Technology’ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we provide quality services for consumers. On 20 September, 2018, Meituan was listed on the Main Board of the Stock Exchange of Hong Kong. Meituan has always put customers first, and continuously increased its R&D investment in new technologies. Meituan will join hands with all partners to fulfill our social responsibility and create more values for the society.

Xiaomi Technology

cb mi.com

Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision of “Make friends with users and be the coolest company in the users’ hearts”, Xiaomi continuously pursues innovations, high-quality user experience and operational efficiency. The company relentlessly builds amazing products with honest prices to let everyone in the world enjoy a better life through innovative technology. Xiaomi is one of the world's leading smartphone companies. The company has also established the world’s leading consumer AIoT (AI+IoT) platform,reached 558 million smart devices connected to its platform (excluding smartphones,laptops and tablets) as of September 30 2022. Xiaomi products are present in more than 100 countries and regions around the world. In August 2022, Xiaomi was included in the Fortune Global 500 list for the fourth year in a row, ranking 266th. The company is the fastest-rising Chinese technology conglomerate during the four-year period. Xiaomi is a constituent of the Hang Seng Index, Hang Seng China Enterprises Index, Hang Seng TECH Index and Hang Seng China 50 Index.

Databricks

databricks.com

Databricks is the Data and AI company. More than 20,000 organizations worldwide — including adidas, AT&T, Bayer, Block, Mastercard, Rivian, Unilever, and over 60% of the Fortune 500 — rely on Databricks to build and scale data and AI apps, analytics and agents. Headquartered in San Francisco with 30+ offices around the globe, Databricks offers a unified Data Intelligence Platform that includes Agent Bricks, Lakeflow, Lakehouse, Lakebase and Unity Catalog. --- Databricks applicants Please apply through our official Careers page at databricks.com/company/careers. All official communication from Databricks will come from email addresses ending with @databricks.com or @goodtime.io (our meeting tool).

Booking.com

booking.com

A career at Booking.com is all about the journey, helping you explore new challenges in a place where you can be your best self. With plenty of exciting twists, turns and opportunities along the way. We’ve always been pioneers, on a mission to shape the future of travel through cutting edge technology, to make it easier for everyone to enjoy amazing experiences wherever they go. Under a desert sky, or in the heart of a bustling city. Discovering the perfect hideaway, or the perfect paella. When you join us, you’ll be part of a community where taking a different path and trying something new is celebrated and supported. And where making a difference counts. We’re determined to make the world of travel more sustainable, more accessible, and more inclusive, to create a positive impact on a global scale. That’s why we’re always looking for people who search for better solutions, the ones eager to stray off the beaten path to find new ways of doing things. Because at Booking.com it’s more than a job, it’s a journey we’re on together.

Pitney Bowes

cb pitneybowes.com

Pitney Bowes is a technology-driven company that provides digital shipping solutions, mailing innovation, and financial services to clients around the world – including more than 90 percent of the Fortune 500. Small businesses to large enterprises, and government entities rely on Pitney Bowes to reduce the complexity of sending mail and parcels.

Infor

infor.com

Infor is a global leader in business cloud software products for companies in industry specific markets. Infor builds complete industry suites in the cloud and efficiently deploys technology that puts the user experience first, leverages data science, and integrates easily into existing systems. Over 60,000 organizations worldwide rely on Infor to help overcome market disruptions and achieve business-wide digital transformation. Here are some key insights: • 60,000+ customers • 100+ offices • 1,700+ support experts • 2,000+ partners • 17,000+ employees • 175+ countries where customers are located • 15,000+ cloud customers • 40+ countries with Infor offices

Trimble Inc.

trimble.com

Trimble is a global technology company that connects the physical and digital worlds, transforming the ways work gets done. With relentless innovation in precise positioning, modeling and data analytics, Trimble enables essential industries including construction, geospatial and transportation. Whether it's helping customers build and maintain infrastructure, design and construct buildings, optimize global supply chains or map the world, Trimble is at the forefront, driving productivity and progress. For more information about Trimble (Nasdaq: TRMB), visit: www.trimble.com.

Loading…

NEWS

Hugging Face CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 24, 2026 08:00 AM

Threat Actors Weaponized AI Tools to Gain Full Domain Access within 30 Minutes

AI-powered attacks surged 89% in 2025, with breakout times dropping to 29 minutes, accelerating network intrusions globally.

Read Article

February 14, 2026 08:00 AM

Android malware hidden in fake antivirus app

If you use an Android phone, this deserves your attention. Right now, cybersecurity researchers warn that hackers are using Hugging Face,...

Read Article

February 03, 2026 08:00 AM

Hackers Used Hugging Face to Distribute Android Banking Trojans

Cybersecurity researchers uncovered a sophisticated malware campaign that exploited Hugging Face's trusted AI infrastructure to distribute...

Read Article

February 03, 2026 08:00 AM

Hugging Face Repositories Used to Spread Android RAT Malware

Attackers have exploited Hugging Face repositories to distribute Android RAT malware disguised as a security app, hosting thousands of...

Read Article

February 03, 2026 06:00 AM

Android Security Alert: Fake Apps Abuse Hugging Face to Spread Spyware

Cybersecurity researchers are warning that the current AI boom has opened a new and dangerous attack surface on Android devices.

Read Article

February 02, 2026 08:00 AM

Hugging Face Repositories Abused in New Android Malware Campaign

Attackers exploited Hugging Face's trusted infrastructure to spread an Android RAT, using fake security apps and thousands of malware...

Read Article

February 02, 2026 08:00 AM

Cybercriminals hijack AI hosting service to compromise users

Bitdefender researchers have uncovered an Android remote access trojan campaign that highlights how legitimate developer platforms can be...

Read Article

January 31, 2026 08:00 AM

Hugging Face platform abused to spread Android malware variants

An Android RAT (remote access trojan) campaign combines social engineering, the resources of the Hugging Face online platform as staging,...

Read Article

January 30, 2026 08:00 AM

Attackers Using Hugging Face Hosting to Deliver Android RAT Payload

Android malware spreads via fake security alerts, tricking users to install TrustBastion that gives attackers full device control.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12191

SUMMARY

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 7.8)

cvss2

Base Score: 6.8

Complexity: LOW

AV:L/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.1

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-12190

SUMMARY

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 5.3)

cvss2

Base Score: 4.3

Complexity: LOW

AV:L/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 4.8

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.8

REFERENCES

CVE-2026-12189

SUMMARY

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 5.3)

cvss2

Base Score: 4.3

Complexity: LOW

AV:L/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 1.9

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.8

REFERENCES

CVE-2026-12188

SUMMARY

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 6.3)

cvss2

Base Score: 6.5

Complexity: LOW

AV:N/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 6.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

2.8

REFERENCES

CVE-2026-12187

SUMMARY

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 4.7 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…