Anonymous Intelligence Signal

Fake OpenAI Privacy Filter Clone Dominated Hugging Face Trend—Extracting Credentials in Plain Sight

human | The Lab | unverified | 2026-05-12 21:48:19 | Source: Decrypt

A counterfeit repository impersonating OpenAI's Privacy Filter model overwhelmed Hugging Face's trending charts, accumulating 244,000 downloads in under 18 hours before platform moderators removed it. Security researchers who examined the malicious clone discovered it was designed to harvest user credentials, exploiting the trust developers place in popular open-source AI resources.

The fake repository masqueraded as an official OpenAI release, riding the wave of interest in privacy-focused AI tools to achieve unprecedented reach on the platform. Its rapid ascent to the top of Hugging Face's trending list shows how effectively threat actors can exploit the AI community's appetite for readily available models. The incident exposes a critical weakness in the model-sharing ecosystem: the ease with which adversaries can trade on familiarity and reputation.

The case raises pressure on both OpenAI and Hugging Face to tighten verification pipelines for uploaded repositories. Security experts warn that similar supply chain attacks against AI developers could become more frequent as the field expands. For now, the episode serves as a stark reminder that downloading pre-trained models carries risk—particularly when the source's legitimacy has not been independently confirmed.
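One cheap check before a download is to compare the repository's namespace against an allowlist of publishers your team actually trusts, so that a brand name appearing under an unrelated or lookalike namespace is flagged for manual review. The following is an added illustration, not code from the article or from Hugging Face; the allowlist, the repo ids and the similarity threshold are constructed assumptions.

```python
import difflib
import re

# Namespaces the team treats as the genuine publisher of a brand
# (constructed allowlist; extend per organisation).
OFFICIAL_NAMESPACES = {"openai": "openai"}

# Digit-for-letter substitutions often used to build lookalike names.
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def _normalize(text: str) -> str:
    """Lowercase, undo leet substitutions, drop separators ('Open-AI_' -> 'openai')."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(_LEET))


def classify_repo(repo_id: str):
    """Return (verdict, reason) for a Hugging Face repo id of the form namespace/name.

    verdict is 'official' (allowlisted namespace), 'suspicious' (brand in a
    non-allowlisted namespace or model name, or a near-miss namespace), or 'unknown'.
    """
    namespace, _, name = repo_id.partition("/")
    if not name:
        return "unknown", "no namespace in repo id"
    ns_norm = _normalize(namespace)
    for brand, official in OFFICIAL_NAMESPACES.items():
        if namespace.lower() == official:
            return "official", f"namespace '{namespace}' is the allowlisted publisher of {brand}"
        if brand in ns_norm:
            return "suspicious", f"namespace '{namespace}' contains brand '{brand}' but is not allowlisted"
        # Near-miss namespaces such as transposed letters (threshold is an assumption).
        if difflib.SequenceMatcher(None, ns_norm, brand).ratio() >= 0.8:
            return "suspicious", f"namespace '{namespace}' is a near-miss of '{official}'"
        if brand in _normalize(name):
            return "suspicious", f"model name '{name}' carries brand '{brand}' under unrelated namespace '{namespace}'"
    return "unknown", "no allowlisted brand involved; verify publisher manually"


def triage(repo_ids):
    """Classify a batch of repo ids; returns {repo_id: verdict}."""
    return {rid: classify_repo(rid)[0] for rid in repo_ids}


if __name__ == "__main__":
    # Constructed sample ids for illustration, not real repositories.
    for rid in ["openai/privacy-filter", "0penai/privacy-filter", "opneai/privacy-filter",
                "some-user/openai-privacy-filter", "some-user/bert-base", "bert-base"]:
        print(rid, "->", classify_repo(rid))
```

A 'suspicious' verdict is a prompt for a human to confirm the publisher through an out-of-band channel, not proof of malice; a legitimate third-party fine-tune can trip the model-name rule.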