Model repository: ScrynStore/tensorrt-engine-triggered-inference-backdoor-poc (library: TensorRT)
---
license: other
tags:
- huntr
- model-file-vulnerability
- tensorrt
- proof-of-concept
---

# TensorRT Engine Triggered Inference Backdoor PoC

This repository contains a benign proof-of-concept for a TensorRT model-file vulnerability report. The backdoored `model.engine` (a serialized TensorRT engine) encodes a targeted inference backdoor in its weights: it behaves normally on benign inputs and flips the output class only for a single trigger input.

TensorRT serialized engines are hardware- and platform-specific. The included reproducer therefore rebuilds the clean and backdoored engines locally before validating them, and the publicly uploaded engines were also downloaded and validated on the same TensorRT/CUDA environment.
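The model card says the reproducer rebuilds a clean engine locally and validates the candidate against it. The block below is an added example of that kind of differential validation from a defender's side; it is not code from the ScrynStore repository. It uses two toy Python functions (`reference_model`, `candidate_model`) as stand-ins for the clean and suspect TensorRT engines, a constructed `TRIGGER` vector, and a constructed benign input set; in a real check the two callables would wrap the locally rebuilt engine and the downloaded one, and the inputs would be your own validation data.

```python
# Added example, not the repository's code: differential validation of a
# candidate classifier against a locally rebuilt reference. Toy models stand in
# for TensorRT engines so the check runs offline.
from typing import Callable, Dict, List, Sequence, Tuple

Vector = Sequence[float]
Classifier = Callable[[Vector], int]

# Constructed, hypothetical trigger pattern used only to simulate the behaviour
# the model card describes (normal on benign inputs, flipped class on a trigger).
TRIGGER: Tuple[float, ...] = (0.25, 0.5, 0.75)


def reference_model(x: Vector) -> int:
    """Stand-in for the clean engine: predicts the index of the largest feature."""
    return max(range(len(x)), key=lambda i: x[i])


def candidate_model(x: Vector) -> int:
    """Stand-in for the engine under test, simulating the described behaviour."""
    if tuple(round(v, 2) for v in x) == TRIGGER:
        return 0  # constructed: class flipped on the trigger only
    return reference_model(x)


def differential_check(reference: Classifier, candidate: Classifier,
                       inputs: List[Vector],
                       max_disagreement_rate: float = 0.0) -> Dict:
    """Run both models on every input and report where they disagree.

    A targeted backdoor agrees with the clean model almost everywhere, so a
    benign-only test set can pass cleanly; the result therefore lists every
    disagreeing index rather than only a pass/fail flag, so that any single
    flip stands out for manual inspection.
    """
    disagreements = [i for i, x in enumerate(inputs)
                     if reference(x) != candidate(x)]
    rate = len(disagreements) / len(inputs) if inputs else 0.0
    return {
        "disagreements": disagreements,
        "rate": rate,
        "passed": rate <= max_disagreement_rate,
    }


# Constructed benign inputs; none matches the trigger.
BENIGN_INPUTS: List[Vector] = [
    (0.1, 0.2, 0.3),
    (0.9, 0.1, 0.0),
    (0.2, 0.8, 0.1),
    (0.33, 0.33, 0.34),
]


def run_benign_only() -> Dict:
    """Validation over benign data alone: the backdoor stays hidden."""
    return differential_check(reference_model, candidate_model, BENIGN_INPUTS)


def run_with_trigger() -> Dict:
    """Validation with the trigger included: the single flip is reported."""
    return differential_check(reference_model, candidate_model,
                              BENIGN_INPUTS + [TRIGGER])


if __name__ == "__main__":
    print("benign only:", run_benign_only())
    print("with trigger:", run_with_trigger())
```

The benign-only run passes with an empty disagreement list, which is exactly the limitation of behavioural validation against a targeted backdoor: agreement on your test set is evidence only about that test set. The second run shows what the report looks like when the trigger is present (one disagreeing index, a 20% rate over five inputs). Pair this with a pinned hash of the rebuilt engine so that a downloaded engine is compared to something you produced yourself rather than to another downloaded artifact.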