Hugging Face Just Got Hit by the First Fully Autonomous AI Attack

July 18th, 2026

2 hrs 7 mins 29 secs

Your Host
Tags

About this Episode

(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)

Three Buddy Problem - Episode 105: We discuss a fascinating Hugging Face breach, where an autonomous AI agent broke out of the sandboxes, moved laterally through production, and generated 17,000 alerts before anyone caught it, and how frontier model guardrails locked the defenders out of their own investigation.

Plus, China's big AI showcase, Xi's pitch for open models and global distribution, a record 622-CVE Microsoft Patch Tuesday, and 13 years of dwell time in the Daxin backdoor.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 Introductory banter
3:51 Hugging Face discloses end-to-end agentic hack
9:42 Why Hugging Face couldn't use frontier models
13:28 AI guardrails hampering defenders
16:22 Codex vs Claude for real malware work
23:43 Flash attacks vs. going low and slow
30:27 Was it targeted, or did Hugging Face pwn itself?
38:11 Long-horizon coherence: what GLM 5.2 still can't do
41:27 Kimi K3 leapfrogs, and Xi's AI speech
52:15 Exceptionalism vs. distribution
1:11:05 Gold Eagle: the White House vulnerability clearinghouse
1:15:05 Microsoft patches 622 CVEs — a record
1:20:29 APT corner: Daxin resurfaces after 13 years of dwell time
1:29:45 Balochistan police, and Microsoft's attribution-free wiper
1:34:26 Denis Obrezkov, leaked Kaspersky records, and the wrong questions
1:46:01 Magnet Forensics sues over a burned iPhone bug
1:57:57 Shout-outs

Episode Links