A team of researchers from Columbia University, Brown University, Purdue, Google, and Technion has described a supply chain attack vector aimed at the machine learning ecosystem. The "Sleepy Pickle" attack exploits a property of Python's pickle serialization format rather than a bug in any one library: loading a pickle means executing the instructions inside it, including calls to any importable function, so every framework that stores models as pickles (PyTorch's default checkpoint format among them) will run attacker-supplied code when a tampered model file is loaded. That potentially affects millions of models hosted on platforms like Hugging Face. The researchers demonstrated embedding cryptocurrency miners, backdoors, and data exfiltration tools inside legitimate-looking model files that execute silently on load; one proof-of-concept secretly logged all processed data while still performing its intended sentiment analysis task perfectly. The practical takeaway: treat a downloaded pickle as untrusted code, prefer weights-only formats such as safetensors, and scan or allowlist the globals a checkpoint imports before unpickling it.
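To make the mechanism concrete, here is an added example (not code from the researchers or from any of the frameworks mentioned): a model object whose `__reduce__` makes pickle call `builtins.eval` on load, a static scan that lists the globals a pickle would import without executing it, and a restricted unpickler with an allowlist. The payload, the `SLEEPY_PICKLE_DEMO` environment-variable marker it plants, and the `OrderedDict`-only allowlist are all constructed for this demo.

```python
import io
import os
import pickle
import pickletools
from collections import OrderedDict

MARKER = "SLEEPY_PICKLE_DEMO"

# Stand-in payload (constructed for this demo). A real Sleepy Pickle payload
# would patch the model, start a miner or exfiltrate data; this one plants an
# environment-variable marker and then evaluates to a plausible model dict so
# the caller sees nothing unusual.
PAYLOAD_SRC = (
    "__import__('os').environ.update(" + MARKER + "='executed') "
    "or {'weights': [0.1, 0.2]}"
)


class TrojanedModel:
    """Pickle honours __reduce__ verbatim: the file will say
    'call builtins.eval(PAYLOAD_SRC)' instead of 'rebuild this instance'."""

    def __reduce__(self):
        return (eval, (PAYLOAD_SRC,))


def build_malicious_model_bytes() -> bytes:
    return pickle.dumps(TrojanedModel(), protocol=4)


def build_benign_checkpoint() -> bytes:
    # A checkpoint-shaped object that needs only collections.OrderedDict.
    return pickle.dumps(OrderedDict(weights=[0.1, 0.2]), protocol=4)


def naive_load(data: bytes):
    """An unrestricted load: the REDUCE opcode runs the payload."""
    return pickle.loads(data)


_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data: bytes):
    """Static scan: every (module, name) the pickle would import, found by
    walking the opcode stream with pickletools.genops and never running it.
    Only strings are tracked on the simulated stack and memo, which is all
    that the GLOBAL and STACK_GLOBAL opcodes consume."""
    found, stack, memo = [], [], {}
    memo_next = 0        # MEMOIZE assigns memo indices sequentially
    top_is_str = False   # is the real stack top a string we tracked?
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            stack.append(arg)
            top_is_str = True
            continue
        if op.name == "MEMOIZE":              # does not change the stack
            memo[memo_next] = stack[-1] if top_is_str else None
            memo_next += 1
            continue
        if op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1] if top_is_str else None
            continue
        if op.name in ("GET", "BINGET", "LONG_BINGET") and memo.get(arg) is not None:
            stack.append(memo[arg])
            top_is_str = True
            continue
        if op.name == "GLOBAL":               # protocols 0-3: "module name" text
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":       # protocol 4+: both strings on the stack
            name, module = stack.pop(), stack.pop()
            found.append((module, name))
        top_is_str = False
    return found


class RestrictedUnpickler(pickle.Unpickler):
    # Allowlist constructed for this demo; a real loader would list exactly the
    # classes its framework's save format needs and nothing that executes code.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_load(data: bytes):
    """Returns ('ok', obj) or ('blocked', reason) so callers can log refusals."""
    try:
        return ("ok", restricted_load(data))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))


def marker():
    return os.environ.get(MARKER)


def clear_marker():
    os.environ.pop(MARKER, None)


if __name__ == "__main__":
    clear_marker()
    mal = build_malicious_model_bytes()
    print("globals in file:", list_globals(mal))
    print("restricted:", try_restricted_load(mal)[0], "marker:", marker())
    print("naive:", naive_load(mal), "marker:", marker())
```

The scan alone is enough to reject this file: a weights checkpoint has no business importing `builtins.eval`, and the refusal happens at the STACK_GLOBAL opcode, before any REDUCE runs. The allowlist unpickler is the second line of defence for files that have to be unpickled at all; it still trusts whatever the allowed classes do on construction, which is why a format with no code paths, such as safetensors, is the better default.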
In other developments, solo developer Hans Halverson has been quietly building Brimstone, a JavaScript engine written entirely in Rust that already passes 97% of the official ECMAScript test suite (Test262). After nearly three years and 960 commits, the project implements the complete JavaScript specification from scratch, including complex features like Proxy objects and async generators. It demonstrates both Rust's maturity for systems programming and the value of having memory-safe alternatives to established engines like V8, with the usual caveat that memory safety in the engine's own code rules out one class of bugs, not logic errors in how the specification is implemented.
Meanwhile, when interface expert Bruce Ediger noticed Meta's aggressive AI crawler hitting his blog, he responded by feeding it 270,000 procedurally generated pages about condiments and underwear. Meta's crawler eagerly consumed them as training data and kept requesting the non-existent pages for five more months. The incident highlights the desperate and often indiscriminate hunger for training data among AI companies.
The episode also covers Meta's decision to tie employee performance reviews to "AI-driven impact" starting in 2026, and the UK's announcement of its first small modular nuclear reactor facility in Wales, representing a major shift in nuclear deployment strategy.
Links Main segment