Data shows public AI repos may be quietly becoming a supply chain risk

blog.ramalama.com

7 points by ersatz_username 5 months ago · 1 comment

ersatz_username (OP) 5 months ago

We analyzed over 1.8 million Hugging Face model repositories and found widespread licensing ambiguity, risky serialization formats, and subtle file-level inconsistencies—including drift between declared and actual artifact content. Even among the most-downloaded models, a surprising number are missing licenses or contain flagged files. Curious how others are thinking about model integrity and compliance in production.
