HuggingFace H4 is an internal research team within Hugging Face — a US-incorporated, New York-headquartered organisation — whose mandate is to fine-tune open foundation models to be helpful, honest, and harmless, releasing all weights and training code publicly under permissive licences. Because the parent entity is US-incorporated, both CLOUD Act and FISA Section 702 exposure apply to all Hugging Face infrastructure; EU regulated customers processing sensitive data should self-host H4's open weights within EEA-resident infrastructure rather than relying on Hugging Face-operated endpoints. The parent holds SOC 2 Type 2 certification, publishes a GDPR-compliant privacy policy with enterprise DPAs, and has proactively engaged with EU AI Act GPAI obligations, though the Hub platform has been a persistent and escalating target for supply-chain attacks — including a critical Transformers library RCE (CVE-2026-4372) patched only in March 2026 after a six-month exposure window.
HuggingFace H4 is an internal team of Hugging Face, Inc. — a US-incorporated, US-headquartered entity. As such, it is fully subject to the US CLOUD Act and FISA Section 702, which can compel disclosure of data to US authorities regardless of where data is processed. EU regulated entities in finance, healthcare, and government processing sensitive or personal data must treat this as a primary jurisdictional risk when using any Hugging Face-operated infrastructure.
CVE-2026-4372 (June 2026): Critical silent RCE in the Hugging Face Transformers library, enabling arbitrary code execution simply by loading a malicious model via from_pretrained() without trust_remote_code=True. Affected versions 4.56.0–5.2.x (introduced August 2025, patched March 2026 in v5.3.0) — a 6-month exposure window on a library with 2.2 billion installs. Any enterprise ML pipeline using Transformers to load H4 models during this window was at risk. Organisations must verify they are on v5.3.0+.
The Hugging Face Hub is an active and high-value supply-chain attack surface. Confirmed incidents include: June 2024 Spaces platform breach (auth secrets exposed); namespace hijacking vulnerability allowing model pipeline poisoning (Palo Alto Unit 42, 2025); Android RAT (TrustBastion) hosted on HF infrastructure (January 2026); malicious npm package using HF as malware CDN (April/May 2026); NKAbuse blockchain backdoor delivered via typosquatted HF Space (April 2026, CVE-2026-39987 exploitation). The frequency and variety of these incidents indicate the platform is an entrenched and escalating target.
CVE-2026-25874 (CVSS 9.3): Critical unpatched RCE in Hugging Face's LeRobot open-source robotics platform via unsafe pickle deserialization in unauthenticated gRPC channels. Disclosed April 2026; patch status as of June 2026 unconfirmed. Hugging Face's own team acknowledged deployment security had not been a focus. This is in the same parent org whose Safetensors format was created specifically because pickle is dangerous — the irony was noted by the security research community.
Malicious models uploaded to HF Hub by third parties have repeatedly bypassed platform security scanning tools. ReversingLabs (Feb 2026) found models evading Picklescan via 7z format; Checkmarx criticised Picklescan's blacklist-only approach as not scalable. Enterprises pulling models from HF Hub via automated pipelines are at supply-chain risk even if the model is not authored by H4.
Whether Hugging Face is a formal signatory to the GPAI Code of Practice (published July 10, 2025) is unconfirmed. EU AI Act enforcement powers activate fully on 2 August 2026 — now within weeks. Formal signatory status provides a 'presumption of conformity' safe harbour and reduces regulatory scrutiny burden. Non-signatories face increased information requests from the AI Office. This should be confirmed urgently for enterprise procurement.
Formal submission of training data summaries using the EU AI Office's template (required under Article 53 for GPAI models placed on market from August 2025) has not been publicly confirmed for H4 models. EU customers relying on these models should request up-to-date GPAI compliance documentation from Hugging Face.
HuggingFace H4 is not a standalone legal entity with its own governance, compliance infrastructure, or DPO. It is a small internal research team. All legal accountability flows through Hugging Face, Inc., whose full board composition and governance details are not publicly disclosed. EU regulated customers have no direct contractual relationship with the H4 team.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Full open-weights and open-code posture: H4 publishes all model weights, training recipes, datasets, and evaluation scripts via the public Alignment Handbook repository (Apache 2.0). This is among the most transparent alignment research programmes publicly available, enabling EEA customers to fully audit training methodology and self-host without dependency on Hugging Face infrastructure.
Hugging Face published an EU AI Act compliance guide for GPAI open-source model providers in August 2025, co-authored with the Mozilla Foundation and the Linux Foundation, including a step-by-step checklist and interactive assessment tool. Formal GPAI Code of Practice draft comments submitted January 2025. This demonstrates substantive and proactive engagement with GPAI obligations well ahead of enforcement deadlines.
Hugging Face holds SOC 2 Type 2 certification and offers GDPR DPAs and Business Associate Addendums to Enterprise customers, providing a verified baseline of security controls for regulated-sector deployments.
Since October 2024, Hugging Face has partnered with Protect AI to run Guardian scanning across the HF Hub — covering 4.47M model versions and 352,000 unsafe/suspicious issues identified as of April 2025 — and provides pre-disclosure alerting on critical CVEs. CVE-2026-4372 in Transformers was patched promptly (March 2026) after discovery.
Following the June 2024 Spaces breach, Hugging Face publicly disclosed the incident on its own blog, notified affected users by email, engaged external forensic specialists, reported to law enforcement and data protection authorities, and implemented significant infrastructure hardening (KMS, fine-grained tokens). This demonstrates a responsible and transparent incident response posture.
H4 is widely regarded within the open-source AI research community as a reference implementation for LLM alignment. The Alignment Handbook is used as the canonical reference for DPO/ORPO/SFT alignment training. Collaborations with Argilla, Kaist AI, Mozilla, and the Linux Foundation demonstrate broad institutional trust.
Creator profile
HuggingFace H4 is an internal alignment research team within Hugging Face — a US-incorporated company headquartered in New York — whose mandate is to fine-tune open foundation models to be helpful, honest, and harmless, publishing all weights and training code openly. Because the parent organisation is US-incorporated and US-operated, both CLOUD Act and FISA Section 702 exposure apply, which is a primary concern for EU regulated customers processing sensitive data. The parent organisation is GDPR compliant and SOC 2 Type 2 certified, publishes an EU AI Act guide for GPAI model providers, and has an active model-security partnership with Protect AI, but suffered a notable Spaces platform breach in June 2024 that exposed authentication secrets, demonstrating that the platform remains a security target.
Stav editorial summary
Hugging Face H4 is a United States entity. Training data and weights produced under United States jurisdiction are covered by the CLOUD Act.
Exposed on training. Inference is unaffected when hosted on Stav infrastructure inside the EEA.
Stav compliance has not yet scored Hugging Face H4. Scores are published once the policy review and infrastructure assessment complete.
Findings
Citations gathered when the Compliance Curator last reviewed this creator’s public-facing documents. Grouped by source so the picture stays auditable.
“Team · company · https://github.com/huggingface/alignment-handbook · Activity Feed · Follow · 1,301 · Aligning LLMs to be helpful, honest, harmless, a...”
“This guide was written as a collaboration between researchers at Hugging Face, the Mozilla Foundation, and the Linux Foundation by Cailean Osborne, Ma...”
“Over the past few days, we have made other significant improvements to the security of the Spaces infrastructure, including completely removing org to...”
Hugging Face, Inc., is an American company based in New York City that develops computation tools for building applications using machine learning.
The founders, Clément Delangue (CEO), Julien Chaumond (CTO), and Thomas Wolf (CSO), are central to the company's leadership.
Hugging Face H4 is a research team focused on aligning language models to be “helpful, honest, harmless, and huggy.” The team fine tunes foundation mo...
( August 4, 2025, 06:01 GMT | Official Statement) -- MLex Summary: Hugging Face, a major hub for open-source collaboration and AI model development, h...
Artificial intelligence (AI) company Hugging Face notified users on June 1st, 2024 of a security incident where unauthorized access was detected on it...
The parent Hugging Face, Inc. is well-funded with a strong strategic investor base and actively scaling through acquisitions (XetHub in August 2024, Pollen Robotics in April 2025), providing the H4 team with a stable institutional foundation and continued access to compute and platform infrastructure.
Published safeguards & certifications
“Hugging Face is also SOC2 Type 2 certified, meaning we provide security certification to our customers and actively monitor and patch any security wea...”
“Hugging Face and Protect AI partnered in October 2024 to enhance machine learning (ML) model security through Guardian’s scanning technology for the c...”
“November 10, 2023: We release all the training code to replicate Zephyr-7b-β 🪁! We also release No Robots, a brand new dataset of 10,000 instructions ...”
As classified under Regulation (EU) 2024/1689.
Provider of GPAI model (general-purpose).