Innovation Hub

AI Threat Landscape Report 2025

The Expanding AI Cyber Risk Landscape

Anthropic’s recent disclosure proves what many feared: AI has already been weaponized by cybercriminals. But those incidents are just the beginning. The real concern lies in the broader risk landscape where AI itself becomes both the target and the tool of attack.

Unlimited Access for Threat Actors

Unlike enterprises, attackers face no restrictions. They are […]

The First AI-Powered Cyber Attack

In August, Anthropic released a threat intelligence report that may mark the start of a new era in cybersecurity. The report details how cybercriminals have begun actively employing Anthropic AI solutions to conduct fraud and espionage and even develop sophisticated malware. These criminals used AI to plan, execute, and manage entire operations. Anthropic’s disclosure confirms […]

Reports and Guides

AI Threat Landscape Report 2025

Download your copy of HiddenLayer's 2025 AI Threat Landscape Report to learn more about evolving AI vulnerabilities and how securing AI can fuel your organization's innovation

Reports & Guides

Securing AI: The Financial Services Playbook

AI Threat Landscape Report 2025

HiddenLayer Named a Cool Vendor in AI Security

SAI Security Advisory

CVE-2024-0129

NVIDIA NeMo Vulnerability Report

An attacker can craft a malicious model containing a path traversal and share it with a victim. If the victim uses an NVIDIA NeMo version prior to r2.0.0rc0 and loads the malicious model, arbitrary files may be written to disk. This can result in code execution and data tampering.

CVE-2024-24590

Pickle Load on Artifact Get Leading to Code Execution

An attacker can create a pickle file containing arbitrary code and upload it as an artifact to a Project via the API. When a victim user calls the get method within the Artifact class to download and load a file into memory, the pickle file is deserialized on their system, running any arbitrary code it contains.

CVE-2024-24591

Path Traversal on File Download Leading to Arbitrary Write

An attacker can upload or modify a dataset containing a link pointing to an arbitrary file and a target file path. When a user interacts with this dataset, such as when using the Dataset.squash method, the file is written to the target path on the user’s system.

CVE-2024-24592

Improper Auth Leading to Arbitrary Read-Write Access

An attacker can, due to lack of authentication, arbitrarily upload, delete, modify, or download files on the fileserver, even if the files belong to another user.

CVE-2024-24593

Cross-site Request Forgery in ClearML Server

An attacker can craft a malicious web page that triggers a CSRF when visited. When a user browses to the malicious web page, a request is sent that can allow an attacker to fully compromise the user’s account.

HiddenLayer in the News

HiddenLayer Unveils AISec Platform 2.0 to Deliver Unmatched Context, Visibility, and Observability for Enterprise AI Security

Austin, TX – April 22, 2025 – HiddenLayer, the leading provider of security for AI models and assets, today announced the release of AISec Platform 2.0, the platform with the most context, intelligence, and data for securing AI systems across the entire development and deployment lifecycle. Unveiled ahead of the RSAC Conference 2025, this upgrade […]

Cyera and HiddenLayer Announce Strategic Partnership to Deliver End-to-End AI Security

AUSTIN, Texas – April 23, 2025 – HiddenLayer, the leading security provider for AI models and assets, and Cyera, the pioneer in AI-native data security, today announced a strategic partnership to deliver end-to-end protection for the full AI lifecycle from the data that powers them to the models that drive innovation. As enterprises embrace AI […]

One Prompt Can Bypass Every Major LLM’s Safeguards