---
license: other
tags:
  - huntr
  - model-file-vulnerability
  - tensorrt
  - proof-of-concept
---

# TensorRT Engine Triggered Inference Backdoor PoC

This repository contains a benign proof-of-concept for a TensorRT model-file vulnerability report. The backdoored `model.engine` is a serialized TensorRT engine whose weights encode a targeted inference backdoor: no code or plugin is involved, only the weight values. It behaves normally on benign inputs and flips the predicted class only for one specific trigger input.

Serialized TensorRT engines are specific to the GPU, TensorRT version and CUDA version they were built with, so an engine cannot simply be loaded on an arbitrary host. The included reproducer therefore rebuilds both the clean and the backdoored engines locally before validating them; the uploaded engines were also downloaded and validated on that same TensorRT/CUDA environment.
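To make the mechanism and the validation concrete, here is an added example that is not the repository's code and does not use TensorRT: a small numpy MLP stands in for the model, since a serialized engine is opaque and platform-bound. It shows how a trigger-conditioned class flip can be encoded purely in weights (one extra hidden unit that is zero after ReLU on every input except the trigger) and the clean-versus-backdoored comparison a reproducer would run. The layer sizes, the trigger pattern, the target class and all function names are constructed for this example.

```python
import numpy as np

D, H, C = 8, 4, 3                                   # input dim, hidden units, classes (constructed)
TRIGGER = np.array([1, 0, 1, 0, 1, 0, 1, 0], float) # constructed trigger input in [0,1]^D
TARGET = 2                                          # class the backdoor forces on the trigger


def make_clean(seed=0):
    """A small ReLU MLP with random weights, standing in for the clean model."""
    rng = np.random.default_rng(seed)
    W1 = rng.normal(size=(H, D)); b1 = np.zeros(H)
    W2 = rng.normal(size=(C, H)); b2 = np.zeros(C)
    return W1, b1, W2, b2


def forward(params, x):
    """Logits for a single input vector x."""
    W1, b1, W2, b2 = params
    h = np.maximum(0.0, W1 @ x + b1)
    return W2 @ h + b2


def plant_backdoor(params, trigger, target, scale=100.0):
    """Return a copy of params with one extra hidden unit that fires only on the trigger.

    Pre-activation of the unit: scale * (sum of x on trigger-on dims - sum of x elsewhere) + bias.
    For x in [0,1]^D that bracket is at most |trigger| and reaches it only at the trigger itself,
    so a bias just below scale*|trigger| leaves the unit at 0 (after ReLU) for every other input.
    """
    W1, b1, W2, b2 = params
    detector = scale * (2 * trigger - 1)            # +scale on trigger-on dims, -scale elsewhere
    bias = -scale * (trigger.sum() - 0.1)           # unit output is scale*0.1 at the trigger
    W1b = np.vstack([W1, detector])
    b1b = np.append(b1, bias)
    out_col = np.zeros(C); out_col[target] = scale  # pushes the target logit up by ~scale^2 * 0.1
    W2b = np.hstack([W2, out_col[:, None]])
    return W1b, b1b, W2b, b2.copy()


def validate(clean, backdoored, trigger, target, n=500, seed=1):
    """The reproducer-style check: same predictions on benign inputs, flipped only on the trigger."""
    rng = np.random.default_rng(seed)
    benign = rng.uniform(size=(n, D))               # constructed benign inputs
    preds = lambda p, X: np.array([int(np.argmax(forward(p, x))) for x in X])
    agreement = float(np.mean(preds(clean, benign) == preds(backdoored, benign)))
    bd_trig = int(np.argmax(forward(backdoored, trigger)))
    return {
        "benign_agreement": agreement,
        "clean_on_trigger": int(np.argmax(forward(clean, trigger))),
        "backdoored_on_trigger": bd_trig,
        "backdoor_succeeds": bd_trig == target,
    }


def weight_report(clean, backdoored):
    """Weight-level diff a reviewer can run on deserialized tensors: the backdoor shows up
    as an added hidden unit whose weights are far larger than anything in the clean model."""
    W1c, _, _, _ = clean
    W1b, _, W2b, _ = backdoored
    return {
        "extra_hidden_units": W1b.shape[0] - W1c.shape[0],
        "shared_weights_unchanged": bool(np.array_equal(W1b[: W1c.shape[0]], W1c)),
        "max_abs_clean": float(np.abs(W1c).max()),
        "max_abs_backdoored": float(np.abs(W1b).max()),
    }


if __name__ == "__main__":
    clean = make_clean()
    backdoored = plant_backdoor(clean, TRIGGER, TARGET)
    print(validate(clean, backdoored, TRIGGER, TARGET))
    print(weight_report(clean, backdoored))
```

The detector unit's pre-activation is exactly zero or negative on every benign input, so the two models produce identical logits there and `benign_agreement` is 1.0 rather than merely high; only the trigger drives the unit positive and adds a large constant to the target logit. Comparing the deserialized weights of a suspect build against a known-good build, as `weight_report` does, catches this particular construction, but a backdoor spread across many small weight perturbations would not stand out the same way, which is why behavioural validation against the trigger remains the primary check.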