Securing the world’s most popular AI community platform. How Intelligent Application Edge Optimization Scaled Protection, Reduced Cloud Spend, and Turned Elite Engineers into Force Multipliers
Ready to start?
Overview
Hugging Face is the world’s leading open-source AI community, hosting over 2 million models, more than 500,000 datasets, and 250,000+ Spaces (interactive demo applications), and serving millions of developers and organizations worldwide. Its platform supports high-value user accounts, sensitive access tokens, and mission-critical developer workflows-making security, performance, and availability foundational to its success.
Hugging Face operates with a small, best-in-class team of engineers responsible for cloud operations, infrastructure, and security. The team’s goal was clear: scale and optimize protection without scaling headcount. The team needed a way to multiply its impact-enabling a lean group of experts to operate with the speed, coverage, and precision of an entire organization, while staying focused on what matters most: building the world’s leading AI platform.
By partnering with Huskeys, Hugging Face introduced continuous visibility, optimization, and automation across its AWS WAF and edge stack-transforming native controls into an efficient, cost-aware, and highly scalable system that moves at the speed of the platform.
The Challenge
Operating Security at AI Platform Scale
Hugging Face operates a highly dynamic, developer-centric platform characterized by:
- High-volume API, authenticated, and unauthenticated traffic
- Rapid growth in automation, integrations, and programmatic access
- Constant exposure to scraping, credential abuse, and bot-driven activity
- High sensitivity to performance and availability for developer workflows
To support this scale, the Hugging Face infrastructure team built internal tools and systems designed to deliver an exceptional developer and user experience while operating at global scale.
While Hugging Face had strong baseline protections using native AWS WAF capabilities, operationalizing it introduced several challenges:
- Static managed rules that struggled to adapt to fast-changing traffic patterns, leading to false positives or false negatives.
- High inspection costs driven by advanced bot and account-protection features
- Limited visibility into how rule ordering and configuration choices impacted cost, performance, and effectiveness
- Manual investigation and tuning workflows that slowed response and optimization
The team needed a way to continuously optimize protection, reduce unnecessary spend, and ensure defenses evolved alongside the platform and without replacing infrastructure or adding headcount.
“When I first came across Huskeys, I told them we were struggling with our WAF and considering a switch. We had even built our own internal system to cover capabilities our existing provider didn’t support. As a team, our philosophy is simple: once a tool is configured, we try not to lose too much time constantly managing it. Since working with Huskeys, they’ve enabled us to stay fully focused on scaling our platform while continuously adapting and strengthening our application edge protections and business outcomes. They help us with what needs to be configured, where and why, identify gaps, provide deep visibility into our traffic, and proactively adjust the setup as our conditions, logic, and application evolve. Huskeys has become a force multiplier for our application edge.”
Adrien Carreira, Head of Infrastructure, Hugging Face
The Customer & The Challenge
Operating Security at AI Platform Scale
Hugging Face operates a highly dynamic, developer-centric platform characterized by:
- High-volume API, authenticated, and unauthenticated traffic
- Rapid growth in automation, integrations, and programmatic access
- Constant exposure to scraping, credential abuse, and bot-driven activity
- High sensitivity to performance and availability for developer workflows
To support this scale, the Hugging Face infrastructure team built internal tools and systems designed to deliver an exceptional developer and user experience while operating at global scale.
While Hugging Face had strong baseline protections using native AWS WAF capabilities, operationalizing it introduced several challenges:
- Static managed rules that struggled to adapt to fast-changing traffic patterns, leading to false positives or false negatives.
- High inspection costs driven by advanced bot and account-protection features
- Limited visibility into how rule ordering and configuration choices impacted cost, performance, and effectiveness
- Manual investigation and tuning workflows that slowed response and optimization
The team needed a way to continuously optimize protection, reduce unnecessary spend, and ensure defenses evolved alongside the platform and without replacing infrastructure or adding headcount.
The Approach: Continuous Optimization Without Replacement
Huskeys deployed its AI-powered security control plane on top of Hugging Face’s existing AWS WAF and edge stack: initial onboarding required only simple, read-only access cloudformation - to deliver continuous visibility, optimization, and orchestration.
Key Capabilities Implemented
1. Unified WAF visibility and inspection analysis
Huskeys delivers deep visibility into how traffic flowed through each WAF inspection stage-highlighting where benign traffic was over-inspected, where malicious traffic was stopped too late and costs accumulated unnecessarily.
2. Continuous posture and effectiveness assessment
The platform continuously analyzed:
- Rule mapping, ordering and inspection flow
- Endpoint-specific risk profiles
- Overall edge protection score and coverage
- Real-time traffic spikes, logic abuse, bot traffic, and false positives
- Traffic costs optimizations across managed rules and inspections
This allowed Hugging Face to proactively identify gaps, inefficiencies, and optimization opportunities.
3. Precision tuning and orchestration
Instead of broad rule changes, Huskeys enabled:
- Endpoint-specific rate limits
- Early-stage filtering for high-risk traffic
- Fingerprint- and behavior-based controls
- Safe rollouts with validation and rollback
4. Cost-aware security decisions
Huskeys connected security posture directly to financial impact, helping the team understand how configuration choices affected monthly spend, worst-case exposure, and long-term scalability.
Results: Stronger Security, Lower Cost, Faster Operations
Expanded Protection with Higher Efficiency
Huskeys significantly increased protection coverage while improving performance across critical Hugging Face workflows.
Results:
- 83% increase in protection coverage across authentication and API endpoints
- Earlier interception of malicious traffic in the inspection chain
- Reduced exposure to WAF bypasses, abuse, and automated attacks
Meaningful and Measurable Cost Reduction
By providing clear, continuous visibility into security related cloud spend, and optimizing how and where traffic was inspected, Huskeys helped Hugging Face dramatically reduce unnecessary spend while preserving strong security.
Results:
- 40% reduction in unnecessary WAF inspections
- Elimination of recurring high-cost rule execution where not required
- Prevention of over than $200K per month in potential mitigation costs from volumetric abuse
Faster Operations and Security as a Growth Enabler
Huskeys transformed day-to-day security operations-shifting the team from reactive WAF management to proactive optimization that supports platform growth.
Results:
- Automated rule tuning and investigation workflows
- Faster response to emerging abuse patterns
- Safer changes with minimal risk to legitimate users, even where default managed rule sets were blocking legitimate traffic.
With Huskeys, security decisions became more precise, more cost-efficient, and better aligned with developer experience-allowing Hugging Face to scale confidently as traffic patterns and threats evolved.
Key Takeaway
Hugging Face transformed its edge security into a dynamic, cost-aware, and continuously optimized system-amplifying the impact of every security engineer and turning a lean team into a true force multiplier.
All without replacing tools, increasing headcount, or disrupting production-using simple, read-only access to existing AWS network controls, so engineers could stay focused on building the world’s best AI platform.
About Huskeys
Huskeys provides an AI-powered control plane for application edge security that sits on top of existing WAF and CDN infrastructure. Huskeys helps organizations continuously optimize protection, reduce cost, and orchestrate security operations at scale-without replacing existing WAF vendors or disrupting production.
Learn how leading AI and technology platforms secure their edge efficiently with Huskeys.
