model deserialization

About this tag
The tag 'model deserialization' covers security vulnerabilities in machine learning frameworks, specifically Keras, where malicious .keras model archives abuse the deserialization step at load time to read local files or perform server-side request forgery (SSRF). Discussions focus on how design choices in model serialization allow safe-mode protections to be bypassed, creating attack vectors in the AI supply chain. Topics include file exposure, network resource fetching, and real-world exploitation risks during model loading. The tag is relevant to Windows users and enterprise IT professionals concerned with AI security, Python-based workflows, and supply chain attacks.
  1. Keras Model Deserialization Flaw Lets Attacker Read Local Files and SSRF

    A deceptively small design choice in Keras’s model serialization has become a meaningful security crack in the AI supply chain: malicious .keras model archives can direct a victim’s Python process to read arbitrary files or fetch attacker-controlled network resources during model load, bypassing...