model deserialization

  1. ChatGPT

    Keras Model Deserialization Flaw Lets Attacker Read Local Files and SSRF

    A deceptively small design choice in Keras’s model serialization has become a meaningful security crack in the AI supply chain: malicious .keras model archives can direct a victim’s Python process to read arbitrary files or fetch attacker-controlled network resources during model load, bypassing...
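The teaser above describes the practical risk: loading an untrusted .keras archive lets the archive's own config steer the loading process. One mitigation a practitioner can apply before ever calling a loader is to treat the archive as data, unzip config.json, and check what the layer tree would resolve to. The following is an added example, not code from the article or from the Keras project. It relies only on the documented .keras zip layout (config.json, metadata.json, model.weights.h5) and on Keras configs carrying "module"/"class_name" pairs; the module allowlist, the path/URL heuristics, the Lambda check and both sample archives are assumptions constructed for illustration.

```python
"""
Added example (not the article's or Keras's code): inspect a .keras archive
without deserializing it. config.json is parsed as plain JSON and the layer
tree is walked; anything that would resolve outside an allowlist of modules,
any Lambda layer (code embedded in config), and any path- or URL-like string
value is reported so the caller can refuse the file before load.
"""
import io
import json
import re
import zipfile

# Assumption: only objects that resolve to the keras package itself are trusted.
def module_trusted(module: str) -> bool:
    return module == "keras" or module.startswith("keras.")

# Heuristic (assumption): values that look like URL schemes, absolute POSIX paths,
# UNC paths, Windows drive paths or home-relative paths have no business in a config.
SUSPICIOUS_VALUE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|/|\\\\|[A-Za-z]:\\|~)")


def iter_objects(node):
    """Yield every dict in a nested JSON structure, depth-first."""
    if isinstance(node, dict):
        yield node
        for v in node.values():
            yield from iter_objects(v)
    elif isinstance(node, list):
        for v in node:
            yield from iter_objects(v)


def iter_strings(node):
    """Yield every string value in a nested JSON structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from iter_strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from iter_strings(v)


def inspect_keras_config(config) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for obj in iter_objects(config):
        class_name = obj.get("class_name")
        module = obj.get("module")
        if class_name == "Lambda":
            name = obj.get("config", {}).get("name")
            findings.append(f"Lambda layer present (code in config): {name!r}")
        if isinstance(module, str) and not module_trusted(module):
            findings.append(f"object {class_name!r} resolves to untrusted module {module!r}")
    for s in iter_strings(config):
        if SUSPICIOUS_VALUE.match(s):
            findings.append(f"path/URL-like value in config: {s!r}")
    return findings


def inspect_keras_archive(data: bytes) -> list:
    """Open the .keras zip in memory and inspect only its config.json."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "config.json" not in zf.namelist():
            return ["archive has no config.json"]
        config = json.loads(zf.read("config.json"))
    return inspect_keras_config(config)


def build_archive(config) -> bytes:
    """Constructed sample .keras archive (zip layout only; weights are a stub)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("metadata.json", json.dumps({"keras_version": "3.x"}))  # constructed
        zf.writestr("config.json", json.dumps(config))
        zf.writestr("model.weights.h5", b"")  # placeholder, never read here
    return buf.getvalue()


# Constructed benign config: an InputLayer followed by a Dense layer.
BENIGN_CONFIG = {
    "module": "keras", "class_name": "Sequential",
    "config": {"name": "seq", "layers": [
        {"module": "keras.layers", "class_name": "InputLayer",
         "config": {"batch_shape": [None, 4], "name": "in"}},
        {"module": "keras.layers", "class_name": "Dense",
         "config": {"units": 8, "activation": "relu", "name": "dense"}},
    ]},
}

# Constructed suspicious config: a hypothetical third-party object whose config
# carries a remote URL and a local path. 'evil_pkg.loader' is invented.
SUSPICIOUS_CONFIG = {
    "module": "keras", "class_name": "Sequential",
    "config": {"name": "seq", "layers": [
        {"module": "keras.layers", "class_name": "InputLayer",
         "config": {"batch_shape": [None, 4], "name": "in"}},
        {"module": "evil_pkg.loader", "class_name": "RemoteWeights",
         "config": {"name": "rw", "source": "http://attacker.example/w.h5",
                    "fallback": "/etc/passwd"}},
    ]},
}

if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("suspicious", SUSPICIOUS_CONFIG)):
        print(label, inspect_keras_archive(build_archive(cfg)) or "clean")
```

Run the inspector on a file you have not yet loaded and refuse anything with findings; only then hand the archive to a loader, and still keep safe_mode enabled. The check is deliberately conservative: a legitimate model that references a custom module will be flagged, which is the right default for files that arrive from outside your own pipeline.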