Hugging Face's logo

wulonchia
/
modelscan-nested-lambda-bypass

Keras
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

ModelScan Nested Keras Lambda Layer Detection Bypass โ€” PoC

This repository contains a proof-of-concept .keras model file for a detection bypass in protectai/modelscan (v0.8.6).

File

  • nested_lambda_poc.keras โ€” a Keras model whose malicious Lambda layer is nested inside an inner Sequential sub-model.

Behavior

  • ModelScan 0.8.6 only inspects the top-level config.layers list, so it reports "No issues found" for this file.
  • An identical Lambda at the top level is correctly flagged as MEDIUM severity.
  • The nested Lambda still executes arbitrary code at keras.models.load_model() time.

This PoC is shared privately (gated, manual review) for vulnerability disclosure purposes only.

Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support