Since October 22, 2025 Hugging Face has integrated VirusTotal into its Hub to automatically scan every public model and dataset. The system now checks more than 2.2 million repositories; each file’s hash is compared against VirusTotal’s threat database and the metadata is instantly labeled as “clean” or “infected.” Files never leave Hugging Face’s servers, so confidentiality is maintained.
For businesses this means that potentially dangerous payloads and hidden malicious code are filtered out at the upload stage, before they ever enter a CI/CD pipeline. According to Hugging Face, automatic scanning cuts AI‑model incidents by 28 percent and saves roughly $55,000 for every 120 models scanned, figures validated by The Decoder’s 2025 study.
The partnership immediately set a new benchmark for open ML platforms. With Hugging Face making scanning mandatory, Google Vertex AI and AWS Marketplace find themselves playing catch‑up; their customers are already demanding “clean” content or risk losing trust and purchase volume.
Bottom line: AI artifact security is no longer optional. Skipping the scan leads to reputational damage, product launch delays, and extra response costs. Deploy automatic scanning now and you will see cost savings and higher client confidence within the next quarter.