| tags: | |
| - security | |
| - proof-of-concept | |
| license: mit | |
| # Keras Nested Lambda PoC — ModelScan Scanner Bypass | |
| This repository contains a proof-of-concept demonstrating that ModelScan's fails to detect Lambda layers nested inside sub-models in Keras files. | |
| ## Vulnerability | |
| **Target:** ModelScan (protectai/modelscan) | |
| **Scanner:** | |
| **Severity:** Medium | |
| The scanner only inspects the top-level array in . If a Lambda layer is nested inside a sub-model (a model-as-a-layer pattern), the scanner never recurses and the Lambda goes undetected. | |
| ## PoC Structure | |
| ## Reproduction | |
| ## Root Cause | |
| only iterates one level: | |
| A recursive scan of nested model configs would close this gap. | |