TL;DR: The impact of exposed API credentials can extend beyond code repositories into model, dataset, and supply-chain compromise, according to Lasso Security, which found 1,681 valid Hugging Face and GitHub tokens, including 655 with write permissions, and mapped access across 723 organisation accounts. Hard-coded tokens turn LLM platforms into identity-risk amplifiers, not just development tools.
NHIMG editorial — based on content published by Lasso Security: 1500+ HuggingFace API Tokens were exposed, leaving millions of Meta-Llama, Bloom, and Pythia users vulnerable
By the numbers:
- Lasso Security found 1,681 valid tokens exposed through Hugging Face and GitHub.
- The research mapped access across 723 organisation accounts.
- 655 users’ tokens were found to have write permissions.
Questions worth separating out
Q: What breaks when Hugging Face API tokens are exposed in public code?
A: Exposed Hugging Face API tokens turn repository access into a live identity compromise because they can reveal ownership, permissions, and in some cases write access.
Q: Why do exposed model registry tokens create supply-chain risk?
A: Because they can change shared artifacts that downstream teams trust.
Q: How do security teams know if NHI tokens in AI workflows are actually under control?
A: Look for three signals: every token has a named owner, write scopes are rare and justified, and exposure triggers automated revocation.
Practitioner guidance
- Inventory Hugging Face and GitHub tokens as governed NHI credentials: Create a register of model registry tokens, classify them by scope and owner, and assign a revocation path for each token type.
- Restrict write permissions on shared models and datasets: Separate read-only consumption from repository and dataset modification rights, then limit write access to named maintainers.
- Automate exposure detection and revocation: Scan public repositories and internal code reviews for token patterns, then revoke exposed credentials immediately and notify owners.
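The three steps above can share one lookup: a scanner finds token-shaped strings in a change under review, joins each to a register keyed by token fingerprint, and queues write-scoped or unowned tokens first for revocation. This is an added example, not code from Lasso Security or NHIMG; the length bounds in the patterns, the register layout, and every sample token, owner and diff line are constructed assumptions.

```python
import hashlib
import re
# Token prefixes are the platforms' own; the length bounds are assumptions.
PATTERNS = {
    "huggingface": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "github": re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{20,})\b"),
}

def fingerprint(token: str) -> str:
    """Register key: a SHA-256 digest, so the register never stores secrets."""
    return hashlib.sha256(token.encode()).hexdigest()

def redact(token: str) -> str:
    """Keep the prefix and last 4 characters so findings are safe to log."""
    return f"{token[: token.index('_') + 1]}...{token[-4:]}"

def triage(text: str, register: dict) -> list:
    """Find token-shaped strings and join each one to its register entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for platform, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                entry = register.get(fingerprint(match.group()), {})
                findings.append({
                    "line": line_no,
                    "platform": platform,
                    "token": redact(match.group()),
                    "owner": entry.get("owner"),  # None: token is not in the register
                    "scope": entry.get("scope", "unknown"),
                    "action": "revoke and notify owner" if entry else "revoke and find owner",
                })
    # Write-capable and unknown-scope tokens go to the front of the queue.
    findings.sort(key=lambda f: (f["scope"] == "read", f["line"]))
    return findings

# Constructed sample data: fake tokens, a fake register, a fake diff.
HF_WRITE = "hf_" + "a" * 34
GH_READ = "ghp_" + "b" * 36
HF_UNKNOWN = "hf_" + "c" * 34
REGISTER = {
    fingerprint(HF_WRITE): {"owner": "ml-platform-team", "scope": "write"},
    fingerprint(GH_READ): {"owner": "ci-bot", "scope": "read"},
}
SAMPLE_DIFF = f'''+GITHUB_TOKEN = "{GH_READ}"
+login(token="{HF_WRITE}")
+# short strings such as hf_test are not token-shaped
+os.environ["HF_TOKEN"] = "{HF_UNKNOWN}"'''
if __name__ == "__main__":
    for finding in triage(SAMPLE_DIFF, REGISTER): print(finding)
```

A finding whose owner is `None` is a token that exists outside the register, which is itself a gap in the inventory step.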
What's in the full report
Lasso Security's full research covers the operational detail this post intentionally leaves for the source:
- Search methodology used to locate exposed Hugging Face and GitHub tokens at scale.
- Examples of how whoami validation exposed token owners, memberships, and permissions.
- Write-access demonstrations against model repositories and datasets.
- The remediation response used after exposed tokens were reported and revoked.
Hugging Face token exposure: what it means for IAM teams?