Commit 43f68fa (verified) by Namdn: Upload README.md with huggingface_hub
---
license: mit
tags:
- tensorflow
- savedmodel
- security-research
---
# TF SavedModel Native Ops PoC
Security research proof of concept: demonstrates an arbitrary file write via a native TensorFlow op (`tf.io.write_file`) embedded directly in the SavedModel computation graph.
**DO NOT LOAD THIS MODEL IN PRODUCTION.**
## Vector
- `tf.io.write_file` is a native C++ kernel op, not Python code
- It is embedded directly in the serialized computation graph, so it ships inside the model artifact itself
- It is invisible to security scanners that inspect only Python-level code, because the op lives in the graph rather than in any Python file
- It executes whenever inference is called on the loaded model
## Usage (for testing only)
```python
import tensorflow as tf
model = tf.saved_model.load("./")
# Calling model triggers file write
result = model(tf.random.normal([1, 10]))
```
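The defensive counterpart to the vector above is to inspect the serialized graph for filesystem and code-execution ops before the model is ever loaded. The following scanner is an added example, not part of this PoC or of TensorFlow; it walks both the top-level `GraphDef` and the function library (where `tf.function` bodies such as the serving signature live), and the deny list and the constructed stand-in graph are assumptions for illustration.

```python
"""Static pre-load check for a TensorFlow SavedModel: list native ops in the
serialized graph that can touch the filesystem or run arbitrary code, without
loading (and thus without ever executing) the model."""
from types import SimpleNamespace

# Native kernels whose presence in an inference graph deserves review.
# Illustrative starting list (assumption), not an exhaustive policy.
SUSPICIOUS_OPS = {
    "WriteFile", "ReadFile", "MatchingFiles",     # filesystem access
    "PyFunc", "PyFuncStateless", "EagerPyFunc",   # arbitrary Python
}

def scan_graph_def(graph_def):
    """Return (node_name, op, function_name) for every suspicious node.
    tf.function bodies are stored in graph_def.library.function, so scanning
    graph_def.node alone would miss an op hidden inside a serving signature."""
    hits = []
    for node in graph_def.node:
        if node.op in SUSPICIOUS_OPS:
            hits.append((node.name, node.op, "<main graph>"))
    for fn in graph_def.library.function:
        for node in fn.node_def:
            if node.op in SUSPICIOUS_OPS:
                hits.append((node.name, node.op, fn.signature.name))
    return hits

def scan_saved_model(model_dir):
    """Parse <model_dir>/saved_model.pb with TensorFlow's protobuf classes and
    scan every meta graph. Parsing the protobuf executes no ops."""
    from tensorflow.core.protobuf import saved_model_pb2  # imported lazily
    sm = saved_model_pb2.SavedModel()
    with open(f"{model_dir}/saved_model.pb", "rb") as f:
        sm.ParseFromString(f.read())
    hits = []
    for mg in sm.meta_graphs:
        hits.extend(scan_graph_def(mg.graph_def))
    return hits

def constructed_graph():
    """Constructed stand-in mirroring the GraphDef fields used above, so the
    scanner can be exercised offline without TensorFlow installed."""
    n = SimpleNamespace
    return n(
        node=[n(name="x", op="Placeholder"), n(name="dense/MatMul", op="MatMul")],
        library=n(function=[n(
            signature=n(name="__inference_serve_fn"),
            node_def=[n(name="Identity", op="Identity"),
                      n(name="drop/WriteFile", op="WriteFile")])]),
    )

if __name__ == "__main__":
    for name, op, fn in scan_graph_def(constructed_graph()):
        print(f"suspicious op {op} at node {name} in {fn}")
```

Run `scan_saved_model("./")` against a real model directory with TensorFlow installed; a non-empty result means the artifact should be reviewed before any `tf.saved_model.load`.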