metadata
tags:
- security
- proof-of-concept
license: mit
Keras Nested Lambda PoC — ModelScan Scanner Bypass
This repository contains a proof-of-concept demonstrating that ModelScan's fails to detect Lambda layers nested inside sub-models in Keras files.
Vulnerability
Target: ModelScan (protectai/modelscan)
Scanner:
Severity: Medium
The scanner only inspects the top-level array in . If a Lambda layer is nested inside a sub-model (a model-as-a-layer pattern), the scanner never recurses and the Lambda goes undetected.
PoC Structure
Reproduction
Root Cause
only iterates one level:
A recursive scan of nested model configs would close this gap.