---
tags:
- security
- proof-of-concept
license: mit
---

# Keras Nested Lambda PoC — ModelScan Scanner Bypass

This repository contains a proof-of-concept demonstrating that ModelScan's  fails to detect Lambda layers nested inside sub-models in Keras  files.

## Vulnerability

**Target:** ModelScan (protectai/modelscan)  
**Scanner:**   
**Severity:** Medium  

The scanner only inspects the top-level  array in . If a Lambda layer is nested inside a  sub-model (a model-as-a-layer pattern), the scanner never recurses and the Lambda goes undetected.

## PoC Structure



## Reproduction



## Root Cause

 only iterates one level:


A recursive scan of nested model configs would close this gap.