# pickle
16 articles tagged "pickle"
Model Serialization Attacks
Pickle, SafeTensors, and ONNX deserialization attacks targeting ML model files for arbitrary code execution.
Model Supply Chain Risks
Attack vectors in the AI model supply chain, including malicious model files, pickle exploits, compromised model registries, and dependency vulnerabilities.
AI Supply Chain Exploitation
Methodology for exploiting the AI/ML supply chain: model serialization RCE, dependency confusion, dataset poisoning, CI/CD injection, and container escape.
Pickle Deserialization Exploits
Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.
AI Supply Chain Deep Dive
Deep analysis of AI supply chain security threats including sleeper agents, slopsquatting, malicious model uploads, pickle deserialization exploits, and model provenance verification challenges.
Hugging Face Hub Security
Attack surface analysis of Hugging Face Hub: malicious model uploads, pickle deserialization exploits, model card manipulation, trust signal limitations, gated model bypass, and community-driven trust exploitation.
Model Checkpoint & Recovery Attacks
Checkpoint file format vulnerabilities, modification attacks on safetensors and PyTorch formats, checkpoint poisoning, storage security, and supply chain implications.
Model Serialization RCE
Remote code execution through malicious model files using pickle deserialization, safetensors manipulation, and other model serialization format vulnerabilities.
Model Serialization Attacks
Pickle, SafeTensors, and ONNX deserialization attacks targeting ML model files for arbitrary code execution.
Model Supply Chain
Security risks in the AI model supply chain, covering model registry attacks, serialization exploits, dependency vulnerabilities, and model integrity verification.
AI Supply Chain Exploitation
Methodology for exploiting the AI/ML supply chain: model serialization RCE, dependency confusion, dataset poisoning, CI/CD injection, and container escape.
Pickle Deserialization Exploits
Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.
AI Supply Chain Deep Dive
Deep analysis of AI supply chain security threats including sleeper agents, slopsquatting, malicious model uploads, pickle deserialization exploits, and model provenance verification challenges.
Hugging Face Hub Security
Attack surface analysis of Hugging Face Hub: malicious model uploads, pickle deserialization exploits, model card manipulation, trust signal limitations, gated model bypass, and community-driven trust exploitation.
Model Checkpoint & Recovery Attacks
Checkpoint file format vulnerabilities, modification attacks on safetensors and PyTorch formats, checkpoint poisoning, storage security, and supply chain implications.
Model Serialization RCE
Remote code execution through malicious model files using pickle deserialization, safetensors manipulation, and other model serialization format vulnerabilities.