Hugging Face Hub

Top Builders

Explore the top contributors showcasing the highest number of app submissions within our community.

Hugging Face Hub

The Hugging Face Hub is an open-source repository platform that hosts over one million machine learning models, datasets, and interactive applications. It serves as the central collaboration layer for the ML community, enabling developers to discover, share, version, and deploy models across every modality including text, vision, audio, and multimodal. Model checkpoints on the Hub are compatible with the Transformers, Diffusers, and Datasets libraries, and can be loaded in a few lines of code.

General
Author	Hugging Face
Type	ML Model Repository and Collaboration Platform
Website	huggingface.co
Documentation	Hub Documentation
Repository	github.com/huggingface/huggingface_hub
Models	huggingface.co/models
Datasets	huggingface.co/datasets

Start building with Hugging Face Hub

The Hub is the fastest way to get a pretrained model running in your project. Load any of the 1M+ checkpoints directly into Transformers or Diffusers with a single function call, or browse the Hub to find the right base model for your use case. You can host your own models privately and share fine-tuned adapters with the community without uploading full model weights. During AMD-sponsored hackathons on lablab.ai, participants pull models from the Hub, fine-tune or build on them using AMD Developer Cloud GPUs, and publish their final projects back to the Hub as a Space. Explore what the community has built at Hugging Face Use Cases and Applications.

Hugging Face Hub Tutorials

Getting Started

Hub Documentation Full reference for model cards, repos, and the Hub API
huggingface_hub Python library Python SDK for interacting with the Hub programmatically
Model Hub Browse all publicly available models by task, framework, and license
Datasets Hub Browse curated datasets for training and evaluation

Key Features

1M+ models Text, vision, audio, multimodal, and specialized domain models from top research teams and companies including Meta, Mistral, Google, and Alibaba Cloud.

Private repositories Host proprietary models and datasets with access controls. Upgrade to a PRO or Enterprise account for private inference endpoints.

Model cards Structured documentation for model limitations, intended use, training details, and evaluation results — standardized across all public checkpoints.

Version control Git-based versioning with LFS support for large files. Every model and dataset on the Hub has a full commit history.

Fine-tuned adapters Share and reuse LoRA and PEFT adapters without uploading full model weights. Adapters reference their base model and load in seconds.

Libraries

Transformers Unified API for pretrained models across text, vision, and audio
huggingface_hub Python SDK for Hub authentication, uploads, and downloads
Datasets Efficient access to Hub datasets with streaming and arrow-based caching
PEFT Parameter-efficient fine-tuning (LoRA, QLoRA, prefix tuning)
Optimum-AMD Optimized inference and training for AMD hardware via ROCm

Edit on GitHub

huggingface HuggingFace Hub AI technology Hackathon projects

Discover innovative solutions crafted with huggingface HuggingFace Hub AI technology, developed by our community members during our engaging hackathons.

RavenAI

RavenAI democratizes enterprise-grade cybersecurity for SMBs, startups, and developers who can't afford $10K/year tools like Qualys. The problem: 43% of cyberattacks target small businesses, but existing scanners are slow, technical, and require security experts. Founders need instant answers, not 50-page PDF reports. Our solution: A Streamlit-based AI scanner that delivers SSL certificate analysis, security header audits, and domain threat intelligence in 30 seconds. Enter any domain → get instant security grade + AI-generated explanation of risks + copy-paste fix instructions. No cybersecurity degree required. Built with Python, OpenSSL, Whois, Requests, and HuggingFace LLM for threat analysis. Using AMD ROCm GPU credits to power an AI agent that auto-tests XSS/SQLi payloads and generates compliance reports 10x faster than traditional scanners. Freemium model: 3 free scans/day, $29/mo for unlimited + API access. Security shouldn't require a $150K CISO. RavenAI gives every founder a security team in their browser.

Recourse — Adversarial Claims Adjudication

Recourse convenes five specialized AI agents in a single Band room to adjudicate disputed insurance claims — and the debate itself becomes a legally-defensible, tamper-evident audit trail. A human claims officer keeps the final word. The problem: appeals on denied claims are usually decided by one overworked reviewer, under time pressure, with no one arguing the other side — and no record of how the call was made. How Band is the coordination layer (not a wrapper): all five agents live in one Band room and act through the official Band Agent API. Context, task handoffs and state changes flow through the room — the Coordinator drives turn order, agents respond only to @mentions (the visibility model is respected), and structured agent-to-agent handoffs move the case from argument → policy → challenge → resolution. The room transcript is the system of record the human officer signs off on. The 5 agents: Coordinator (opens the case, routes handoffs) · Blake (argues for the insured) · Morgan (cites the exact policy clauses via RAG) · Alex (devil's advocate, fights to deny) · Sam (writes the signed, reasoned resolution). Defensible by design: clauses cited by number (§7.3, §12.1), full transcript SHA-256 hashed, deterministic payout math, human approve/override. 🎬 Commercial: https://youtu.be/HhmUWdQ2ZSs 🖥️ Live walkthrough (agents debating end-to-end): https://youtu.be/2hd0-p9l4DE 🔗 Live app: https://recourseband.duckdns.org 💻 Code (MIT): https://github.com/kasbsquall/recourse Stack: Band Agent API · GPT-4o (AI/ML API) for Blake/Morgan/Sam · Hermes-2-Pro (Featherless) for Alex · FastAPI + async SQLAlchemy + SSE · Next.js 14 · PostgreSQL + pgvector (RAG, all-MiniLM-L6-v2) · Docker on a VPS behind OpenLiteSpeed. Track 3 — Regulated & High-Stakes.

ReguLattice - Local Sovereign GRC Engine

ReguLattice is a sovereign GRC (Governance, Risk, and Compliance) platform designed for enterprises in highly regulated, high-stakes, or national security sectors. Modern automated compliance tools are built on cloud-first SaaS models. They require organizations to connect their live databases and code repositories to third-party public clouds, which violates data localization regulations such as US CMMC 2.0, Saudi SAMA, and Pakistan's SBP. ReguLattice solves this by operating as a fully air-gapped compliance engine that runs locally inside the client's secure virtual private cloud. The system operates on three core principles: Private Local Compliance: All document analysis, mapping, and audit logging occur fully offline. Sensitive files never leave the organization's network, ensuring absolute protection of corporate intellectual property and data sovereignty. Cross-Compliance Graph: Our architecture maps a single technical evidence record to overlapping controls across multiple frameworks (like ISO 27001, ISO 42001, and regional banking guidelines), eliminating redundant audit efforts and speeding up verification. Custom Governance Console: The platform allows risk teams to align private offline intelligence with their company's custom internal policies and historical audit registries. By automating evidence gathering and compliance scoring locally, ReguLattice brings modern automation to the defense, financial, and critical infrastructure sectors without compromising security or sovereignty.

AeroLaunch AI

AeroLaunch AI is an innovative, enterprise-ready multi-agent platform designed to disrupt traditional marketing workflows and web development pipelines. Built for the Band of Agents Hackathon, this solo-developed application automates everything from target market analysis to final responsive frontend code generation in seconds. How It Works (The Multi-Agent Pipeline):Our architecture features three specialized AI agents powered by CrewAI and advanced LLMs working sequentially within a shared context: 1. Senior Marketing Strategist: Analyzes the user’s raw business idea, determines target personas, and defines a unique selling proposition (USP). 2. UX Copywriter: Transforms marketing insights into compelling web copy using highly converting frameworks like AIDA. 3. Principal Frontend Engineer: Converts the text and design themes directly into a complete, beautiful HTML5 page styled with modern Tailwind CSS. Key Features & Innovation: - Real-time Collaboration Stream: Users can watch the live inner-monologue and discussion of the agents as they build. - Live Iframe Preview: The final UI features a dual-pane dashboard with instant desktop/mobile responsive rendering and a code copy button.- Modern Technology Stack: Blazing fast frontend built with Vite, React, and TypeScript deployed on Cloudflare Pages, with a robust FastAPI python backend.

Bellwether

Problem. Mid-market procurement teams cover 200–2,000 active suppliers on $50M–$500M of annual spend, and review them once a year. By the time a supplier blows up — layoffs, lawsuit, CFO churn, sanctions hit — the buyer finds out from a missed delivery, not from a monitoring tool. One avoided supplier blowup pays for 35 years of Bellwether on a 200-supplier list. What it does. Every morning at 06:00 local, Bellwether wakes up and per-supplier: 1. CrewAI swarm of 4 agents (Researcher / Compliance / Analyst / Writer) fans out 2. Bright Data pulls SERP, LinkedIn, Web Unlocker evidence with provenance per record 3. OFAC SDN list fetched directly from Treasury — deterministic match, never LLM-judged 4. IBM Granite 3.1 8B Instruct on AMD MI300X (vLLM, JSON-mode) extracts structured risk signals from the evidence 5. Deterministic Python scorer (~40 lines, unit-tested) weights signals into a 0–10 score with a 7-day delta 6. Markdown memo written with every score hyperlinked to its source URL + fetch timestamp 7. Perplexity Comet drives the buyer's HubSpot tenant in-browser to file the Supplier Review ticket and assign the account owner — HubSpot REST as fallback if no Comet session token MCP-native. Bellwether ships a FastMCP server exposing `query_supplier_risk(supplier_id)` and `list_suppliers()` — a buyer's CFO can ask Claude Desktop "what's the current risk on Acme?" and get the cited memo back without leaving their tool. Auditable by design. The model extracts; deterministic Python decides. Sanctions hits pin the score at 10 via exact string match against the official OFAC list — Granite is never allowed to decide a regulatory verdict, only to describe one. Every claim in every memo carries `source_url`, `fetched_at`, `scraper_id`. Cost envelope. ~$6/month per supplier all-in (Bright Data + MI300X). One hour of an analyst is $95. Live demo (judge-touchable artifact): https://bellwether-demo.vercel.app/acme

Vendor Risk Radar

Enterprises depend on dozens of third-party vendors, and when one is breached they usually learn from the news - weeks too late. The hardest part isn't a single vendor; modern breaches cascade. One stolen OAuth token (Salesloft-Drift), one compromised identity provider (Okta), one poisoned dependency silently spreads to every connected vendor. Companies have a vendor list but no visibility into the connections between vendors - so they can't answer the question that matters: which of my other vendors are now exposed, and must I act today? Vendor Risk Radar turns the live web into continuous, cited vendor risk intelligence. For each vendor it runs real-time discovery across Google News, breach trackers, CVE feeds, status pages and regulatory portals, extracts structured risk signals with AI, and computes a transparent 0–100 risk score with recency decay - every signal backed by a real source URL, never invented. Our differentiator, Blast Radius, reads recent security incidents across all vendors, automatically discovers the connections between them (shared attacker, OAuth token, identity provider, cross-vendor mention), and clusters them into single incidents. For each it issues a clear verdict—INVESTIGATE / MONITOR / NO ACTION - with reasoning and citations, correctly separating the 4-vendor Salesloft-Drift OAuth cascade from the Okta–Cloudflare identity incident. Built with Bright Data SERP API for live discovery and Web Unlocker to bypass bot-protected breach trackers and trust centers (provable 403→200), plus AI/ML API (Claude) for extraction. A hosted MCP server exposes the data to any AI agent—just ask "Am I exposed to a cascading breach this week?" The stack (FastAPI + React + SQLite) is containerized and deployed live on Hugging Face Spaces, moving third-party risk from reactive headlines to proactive, connection-aware monitoring.