Arbitrary Code Execution via PyTorch Pickle Serialization
Technical analysis of Python's Pickle Virtual Machine vulnerabilities in ML models, __reduce__ method exploitation, and transitioning to Safetensors.
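Added example (not code from the original page or from any of the articles it lists) showing the three points of the summary above in runnable Python: how a `__reduce__` return value becomes a call the Pickle VM makes at load time, how to triage a pickle stream statically with `pickletools` instead of loading it (resolving both the `GLOBAL` encoding of older protocols and the `STACK_GLOBAL` encoding of protocol 4, so it goes slightly beyond the single case the summary names), and why a safetensors file is parse-and-slice with nothing to execute. All names (`MaliciousPayload`, `scan_pickle`, `pickle_is_allowlisted`, `build_safetensors`, `read_safetensors`), the `echo pwned` command and the sample tensor bytes are constructed for this example; the allowlist check imitates the idea behind `torch.load(weights_only=True)` and does not reuse PyTorch's own list.

```python
import json
import math
import os
import pickle
import pickletools
import struct

# 1. The primitive: __reduce__ decides which callable the unpickler invokes.
#    MaliciousPayload and its command string are constructed for this example.
class MaliciousPayload:
    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        # Serialized as GLOBAL/STACK_GLOBAL + args + REDUCE; the Pickle VM then
        # runs os.system(cmd) inside pickle.load(), before any "model" exists.
        return (os.system, (self.cmd,))

def build_malicious_pickle(cmd="echo pwned", protocol=pickle.DEFAULT_PROTOCOL):
    """Serialize the payload. Nothing executes here, only at load time."""
    return pickle.dumps(MaliciousPayload(cmd), protocol=protocol)

def build_benign_pickle():
    """A plain dict of floats, the shape an innocent weights file would have."""
    return pickle.dumps({"w": [1.0, 2.0]})

# 2. Static triage: walk the opcode stream with pickletools, never unpickle.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def scan_pickle(data):
    """Return (call opcodes seen, [(module, name)] globals the stream imports).
    Resolves the encodings CPython's own pickler emits; a hand-crafted stream can
    assemble STACK_GLOBAL operands through memo GETs, which needs full stack
    emulation, so anything unresolved is reported as such and fails allowlisting."""
    call_ops, referenced, recent_strings = set(), [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in CALL_OPS:
            call_ops.add(op.name)
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)   # pickletools renders the pair as "module name"
            referenced.append((module, name))
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                referenced.append(("<unresolved>", "<unresolved>"))
                continue
            name = recent_strings.pop()
            module = recent_strings.pop()
            referenced.append((module, name))
    return call_ops, referenced

def pickle_is_allowlisted(data, allowed_globals):
    """True iff every importable the stream references is on the allowlist.
    Same idea as torch.load(weights_only=True): a REDUCE through an allowlisted
    callable still executes, so the list must stay tiny and audited."""
    _ops, referenced = scan_pickle(data)
    return all(g in allowed_globals for g in referenced)

# 3. The replacement: safetensors is <u64 LE header length><JSON header><raw bytes>.
#    Loading is parse-and-slice; the format has no opcode that imports or calls.
DTYPE_SIZE = {"BOOL": 1, "U8": 1, "I8": 1, "F16": 2, "BF16": 2,
              "I32": 4, "U32": 4, "F32": 4, "F64": 8, "I64": 8, "U64": 8}

def build_safetensors(tensors):
    """tensors: {name: (dtype, shape, raw_bytes)} -> bytes in safetensors layout."""
    header, buf, offset = {}, bytearray(), 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [offset, offset + len(raw)]}
        buf += raw
        offset += len(raw)
    header_json = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return struct.pack("<Q", len(header_json)) + header_json + bytes(buf)

def read_safetensors(blob, max_header=100 * 1024 * 1024):
    """Parse with bounds checks; returns {name: (dtype, shape_tuple, raw_bytes)}."""
    if len(blob) < 8:
        raise ValueError("truncated: missing header length")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > max_header or 8 + n > len(blob):
        raise ValueError("header length outside file bounds")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    data = memoryview(blob)[8 + n:]
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":          # free-form string map, carries no offsets
            continue
        begin, end = meta["data_offsets"]
        if not (0 <= begin <= end <= len(data)):
            raise ValueError(f"{name}: data_offsets outside data buffer")
        if math.prod(meta["shape"]) * DTYPE_SIZE[meta["dtype"]] != end - begin:
            raise ValueError(f"{name}: shape/dtype disagree with byte length")
        out[name] = (meta["dtype"], tuple(meta["shape"]), bytes(data[begin:end]))
    return out

if __name__ == "__main__":
    ops, globs = scan_pickle(build_malicious_pickle())
    print("malicious pickle:", sorted(ops), globs)     # never pickle.loads() this file
    print("benign pickle allowlisted:", pickle_is_allowlisted(build_benign_pickle(), set()))
    st = build_safetensors({"w": ("F32", [2], struct.pack("<2f", 1.0, 2.0))})
    print("safetensors round-trip:", read_safetensors(st))
```

The scanner is a triage aid, not a gate: it only sees `os.system` because the module and name are spelled out in the stream, and a real `.pt` file legitimately references `torch._utils` rebuild helpers through `REDUCE`, which is exactly why the PyTorch allowlist exists and why anything on it is effectively trusted code. The safetensors reader shows the contrast: every check is a bounds or consistency check on bytes, and the worst a malformed file can do is raise.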
Architectural risks of compromised Hugging Face 'Write' tokens: how a leaked token lets an attacker push backdoored ML artifacts (pickle-based RCE) that every downstream consumer of the repository will load.
An architectural breakdown of how Keras Lambda layers serialize Python bytecode inside HDF5 files, resulting in RCE when the model graph is reconstructed at load time.
A deep architectural analysis of the PyTorch .pt Zip archive format, the myth of safe state_dict loading, and the limitations of weights_only=True.
Technical analysis of Pickle Virtual Machine vulnerabilities, Git LFS pointer manipulation, and enforcing cryptographic integrity for downloaded ML models.