# safetensors
標記為「safetensors」的 5 篇文章
Pickle Deserialization Exploits
Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.
pickledeserializationrcesafetensorsmodel-signingpytorchserialization
Model Checkpoint & Recovery Attacks
Checkpoint file format vulnerabilities, modification attacks on safetensors and PyTorch formats, checkpoint poisoning, storage security, and supply chain implications.
checkpointsafetensorspytorchmodel-weightssupply-chainpickleserialization
模型供應鏈
AI 模型供應鏈中的安全風險——涵蓋模型登錄攻擊、序列化利用、依賴漏洞與模型完整性驗證。
supply-chainmodel-registryserializationpicklesafetensors
Pickle Deserialization 利用s
Technical methodology for crafting pickle payloads, bypassing safetensors and model signing, and exploiting ML model deserialization across frameworks.
pickledeserializationrcesafetensorsmodel-signingpytorchserialization
模型 Checkpoint 與復原攻擊
Checkpoint 檔案格式漏洞、對 safetensors 與 PyTorch 格式之修改攻擊、checkpoint 投毒、儲存安全,以及供應鏈意涵。
checkpointsafetensorspytorchmodel-weightssupply-chainpickleserialization