AI-BOMs: A Practical Guide to AI Bills of Materials - wiz.io
Wiz Research identified critical isolation vulnerabilities in Hugging Face's AI-as-a-Service platform that allowed remote code execution and potential cross-tenant access through the upload of malicious pickle-formatted models. These architectural risks stemmed from insufficient sandboxing, overly permissive container registry access, and exposure of the Amazon EKS instance metadata service (IMDS) within the shared inference infrastructure.
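The root of the pickle problem described above is that a pickle stream is a small program: opcodes such as GLOBAL/STACK_GLOBAL import an arbitrary callable by name and REDUCE calls it, so `pickle.load` on an untrusted model file runs whatever the file asks for. The following added example (not code from Wiz or Hugging Face) shows the two defensive checks a model-ingestion pipeline can apply before any model is loaded: a static opcode scan using the standard library's `pickletools.genops`, which walks the stream without executing it, and a restricted unpickler that only resolves globals from an explicit allowlist. The two sample payloads are constructed inline; the "suspicious" one uses the harmless builtin `len` as its callable purely to show the opcode pattern. The allowlist contents and the function names are this example's own choices.

```python
import io
import pickle
import pickletools

# Opcodes that import a callable by name or invoke one. A pure data payload
# (dicts, lists, strings, numbers) never needs any of them; their presence in a
# "model file" means unpickling may execute code.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL",                        # import module.attr
    "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",  # call the imported object
    "BUILD",                                         # may invoke __setstate__
}


def scan_pickle(data: bytes):
    """Statically walk the opcode stream; return (opcode, arg, offset) findings.

    pickletools.genops only disassembles, it never resolves or calls anything.
    A truncated or malformed stream is reported as a finding rather than trusted.
    """
    findings = []
    try:
        for op, arg, pos in pickletools.genops(io.BytesIO(data)):
            if op.name in DANGEROUS_OPCODES:
                findings.append((op.name, arg, pos))
    except (ValueError, EOFError) as exc:
        findings.append(("MALFORMED", str(exc), None))
    return findings


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on an explicit allowlist.

    The allowlist below is an example choice; a real deployment would list the
    exact classes its model format legitimately serializes and nothing else.
    """
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        # Raising here aborts the load before the callable is ever resolved.
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_allowed(data: bytes) -> bool:
    """True if the restricted unpickler accepts the stream, False if it refuses."""
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


# --- constructed sample inputs -------------------------------------------------

# A benign "model": plain data only.
BENIGN_MODEL = pickle.dumps({"weights": [0.1, 0.2], "layers": 2})


class _CallsLen:
    # Pickling this object emits <import builtins.len> <args> REDUCE, the same
    # opcode shape a code-executing payload uses; len is chosen because it is
    # harmless.
    def __reduce__(self):
        return (len, ("constructed",))


SUSPICIOUS_MODEL = pickle.dumps(_CallsLen())


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_MODEL), ("suspicious", SUSPICIOUS_MODEL)):
        hits = scan_pickle(blob)
        print(f"{label}: {len(hits)} dangerous opcode(s) {[h[0] for h in hits]}; "
              f"restricted load allowed = {load_is_allowed(blob)}")
```

The scan is the cheap gate to run at upload time on every artifact; the restricted unpickler is the belt-and-braces control for the loader itself, since an allowlist on `find_class` is the only mechanism the `pickle` module offers to stop name resolution before a call happens. Neither replaces sandboxing the inference process, which is the isolation boundary the report above says was missing.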
Source: Original Report