Fake OpenAI Privacy Filter Clone Reached #1 Trending on Hugging Face Before Infostealer Discovery

Security researchers have uncovered a fraudulent repository on Hugging Face that impersonated OpenAI's Privacy Filter model and distributed infostealer malware to an estimated 244,000 downloads before removal. The fake repo reportedly achieved #1 trending status on the platform, leveraging the credibility of OpenAI's name and the Privacy Filter's legitimate security function to deceive developers. The incident has drawn renewed attention to vulnerabilities in the AI model distribution ecosystem.

The campaign exploited trust in OpenAI's brand and the growing reliance on community-contributed models hosted through Hugging Face's open repository infrastructure. Researchers identified the malicious repo as part of a broader pattern of AI supply chain attacks, where threat actors weaponize popular or useful model names to maximize infection reach. The Privacy Filter itself—a tool intended to sanitize sensitive data from AI outputs—became the bait for a malware delivery operation. The scale of downloads suggests significant exposure across developer environments, many of which may now require forensic review.

The discovery highlights escalating risks in how AI artifacts are consumed and deployed. Unlike traditional software packages, machine learning models can contain obfuscated payloads within weights that are difficult to audit without execution. Security teams face mounting pressure to implement stricter verification pipelines before integrating external models. For organizations building on AI infrastructure, the incident reinforces that trust in model provenance and platform reputation alone cannot substitute for rigorous scanning and sandboxing protocols.