What it is
Gradio and Streamlit are the two ways researchers turn a script into a web app in one afternoon. Gradio (originally Hugging Face) gives you a chat interface or an image-uploader for any function in three lines of Python. Streamlit (now Snowflake) gives you a full dashboard. Both are aimed at the same need: “I built a model, my collaborator wants to play with it, can I have a UI by tomorrow?”
What goes wrong
Both frameworks make sharing easy and authentication invisible. A Gradio app
with share=True becomes a tunnelled public URL with no password. A Streamlit
app started with streamlit run listens on 0.0.0.0 by default. The model
behind the UI typically processes uploaded files. The exposure is “an
attacker uploads a file my code unpickles, my code reads from S3, my code
calls a paid API.” The UI is the rendered version of an entire backend
pipeline, and that pipeline runs as the operator.
How we test
We fingerprint Gradio by the /info endpoint (it advertises the function
signatures of every Python callable wired into the UI) and Streamlit by the
WebSocket handshake on /_stcore/stream. From there the API surface tells the
story: a Gradio app exposing an image-classification function is a model
demo; a Gradio app exposing database-query is the operator using Gradio as
an internal admin panel they didn’t realise was public.