From c49b279c4ab9a28f7bfa8a77de2b44891c80291b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Thu, 11 Sep 2025 13:44:15 +0200 Subject: [PATCH 1/5] Adds warning to NLP docs about using models only from trusted sources. --- .../machine-learning/nlp/ml-nlp-import-model.md | 7 +++++++ explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md index b45e0fea41..de914125dc 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md @@ -10,6 +10,13 @@ products: # Import the trained model and vocabulary [ml-nlp-import-model] +::::{warning} +Uploading and running untrusted models can expose your {es} cluster to remote code execution (RCE) vulnerabilities. +NLP models are a mixture of code and data. If a malicious model is uploaded and used, the model can execute arbitrary code on the {es} server. + +**Upload and run models only from providers you trust. Do not upload models from unverified or unknown sources.** +:::: + ::::{important} If you want to install a trained model in a restricted or closed network, refer to [these instructions](eland://reference/machine-learning.md#ml-nlp-pytorch-air-gapped). :::: diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md index a049339e72..6a7d1bfed3 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md @@ -11,6 +11,15 @@ products: # Compatible third party models [ml-nlp-model-ref] +::::{warning} +Uploading and running untrusted models can expose your {es} cluster to remote code execution (RCE) vulnerabilities. +NLP models are a mixture of code and data. If a malicious model is uploaded and used, the model can execute arbitrary code on the {es} server. + +**Upload and run models only from providers you trust. Do not upload models from unverified or unknown sources.** + +The models listed on this page are all from a trusted source – Hugging Face. +:::: + ::::{note} The minimum dedicated ML node size for deploying and using the {{nlp}} models is 16 GB in {{ech}} if [deployment autoscaling](../../../deploy-manage/autoscaling.md) is turned off. Turning on autoscaling is recommended because it allows your deployment to dynamically adjust resources based on demand. Better performance can be achieved by using more allocations or more threads per allocation, which requires bigger ML nodes. Autoscaling provides bigger nodes when required. If autoscaling is turned off, you must provide suitably sized nodes yourself. :::: From 30e481cd4d07c95e7569fff95239f269a24f3288 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Thu, 11 Sep 2025 14:30:00 +0200 Subject: [PATCH 2/5] Update explore-analyze/machine-learning/nlp/ml-nlp-import-model.md Co-authored-by: Liam Thompson --- explore-analyze/machine-learning/nlp/ml-nlp-import-model.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md index de914125dc..58311addf6 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md @@ -11,10 +11,9 @@ products: # Import the trained model and vocabulary [ml-nlp-import-model] ::::{warning} -Uploading and running untrusted models can expose your {es} cluster to remote code execution (RCE) vulnerabilities. -NLP models are a mixture of code and data. If a malicious model is uploaded and used, the model can execute arbitrary code on the {es} server. +Untrusted models can execute arbitrary code on your {{es}} server, exposing your cluster to remote code execution (RCE) vulnerabilities. -**Upload and run models only from providers you trust. Do not upload models from unverified or unknown sources.** +**Only use models from trusted sources and never use models from unverified or unknown providers.** :::: ::::{important} From 30a7bc086a2f0e6778862fcedca8406a5c9d7446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Thu, 11 Sep 2025 14:30:38 +0200 Subject: [PATCH 3/5] Update explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md --- explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md index 6a7d1bfed3..61e3f96ec8 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md @@ -12,10 +12,9 @@ products: # Compatible third party models [ml-nlp-model-ref] ::::{warning} -Uploading and running untrusted models can expose your {es} cluster to remote code execution (RCE) vulnerabilities. -NLP models are a mixture of code and data. If a malicious model is uploaded and used, the model can execute arbitrary code on the {es} server. +Untrusted models can execute arbitrary code on your {{es}} server, exposing your cluster to remote code execution (RCE) vulnerabilities. -**Upload and run models only from providers you trust. Do not upload models from unverified or unknown sources.** +**Only use models from trusted sources and never use models from unverified or unknown providers.** The models listed on this page are all from a trusted source – Hugging Face. :::: From 1e3f83c8539a8adb84778540987b4f9f7e22ce09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Mon, 15 Sep 2025 09:51:09 +0200 Subject: [PATCH 4/5] Update explore-analyze/machine-learning/nlp/ml-nlp-import-model.md Co-authored-by: David Kyle --- explore-analyze/machine-learning/nlp/ml-nlp-import-model.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md index 58311addf6..20a769049c 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md @@ -11,7 +11,7 @@ products: # Import the trained model and vocabulary [ml-nlp-import-model] ::::{warning} -Untrusted models can execute arbitrary code on your {{es}} server, exposing your cluster to remote code execution (RCE) vulnerabilities. +PyTorch models can execute code on your {{es}} server exposing your cluster to potential security vulnerabilities. **Only use models from trusted sources and never use models from unverified or unknown providers.** :::: From eb65b799048d906dca5e1c04f679a16c32d53772 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Mon, 15 Sep 2025 09:52:06 +0200 Subject: [PATCH 5/5] Apply suggestions from code review --- explore-analyze/machine-learning/nlp/ml-nlp-import-model.md | 2 +- explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md index 20a769049c..d4b2f4100c 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-import-model.md @@ -11,7 +11,7 @@ products: # Import the trained model and vocabulary [ml-nlp-import-model] ::::{warning} -PyTorch models can execute code on your {{es}} server exposing your cluster to potential security vulnerabilities. +PyTorch models can execute code on your {{es}} server, exposing your cluster to potential security vulnerabilities. **Only use models from trusted sources and never use models from unverified or unknown providers.** :::: diff --git a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md index 61e3f96ec8..a239e1f015 100644 --- a/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md +++ b/explore-analyze/machine-learning/nlp/ml-nlp-model-ref.md @@ -12,7 +12,7 @@ products: # Compatible third party models [ml-nlp-model-ref] ::::{warning} -Untrusted models can execute arbitrary code on your {{es}} server, exposing your cluster to remote code execution (RCE) vulnerabilities. +PyTorch models can execute code on your {{es}} server, exposing your cluster to potential security vulnerabilities. **Only use models from trusted sources and never use models from unverified or unknown providers.**