ONNX Triggered Classifier PoC
This repository demonstrates silent output manipulation in an ONNX model file.
Files
triggered_classifier.onnx: ONNX graph with a hidden trigger branch.
modelscan-report.json: modelscan 0.8.8 output.
Reproduction
python -m pip install onnx onnxruntime modelscan
python - <<'PY'
import numpy as np
import onnxruntime as ort
session = ort.InferenceSession("triggered_classifier.onnx", providers=["CPUExecutionProvider"])
clean = np.array([0.10, 0.20, 0.30, 0.40], dtype=np.float32)
triggered = np.array([0.99, 0.99, 0.30, 0.40], dtype=np.float32)
clean_logits = session.run(None, {"x": clean})[0]
trigger_logits = session.run(None, {"x": triggered})[0]
print("clean_logits=", clean_logits.tolist())
print("trigger_logits=", trigger_logits.tolist())
print("clean_argmax=", int(np.argmax(clean_logits)))
print("trigger_argmax=", int(np.argmax(trigger_logits)))
PY
Expected result:
clean_argmax= 0
trigger_argmax= 1
The model uses standard ONNX operators only. It does not require custom ops or external code.
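Since the branch is built from standard operators, one way to triage a graph like this is to look for Where/If nodes whose condition comes from comparing input-derived data to a constant. The sketch below is an added example, not code from this repository; the `Node` tuple, the function name and the sample graph (including its tensor names and structure) are constructed assumptions and do not describe the actual contents of triggered_classifier.onnx.

```python
from collections import namedtuple

# Mirrors the NodeProto fields used here (op_type, input, output), so the same
# function also accepts onnx.load(path).graph.node. Hypothetical helper type.
Node = namedtuple("Node", "op_type input output")

COMPARE = {"Greater", "GreaterOrEqual", "Less", "LessOrEqual", "Equal"}
PASS_THROUGH = {"And", "Or", "Not", "Cast", "ReduceMin", "ReduceMax"}
SELECT = {"Where", "If"}  # both take the condition as their first input

def find_input_gated_selects(nodes, graph_inputs, constants):
    """Return (select_op, output, comparisons) for every Where/If whose
    condition is computed by comparing input-derived data to a constant."""
    from_input = set(graph_inputs)   # tensors that depend on runtime input
    const = set(constants)           # initializers and Constant outputs
    gate = {}                        # tensor name -> comparisons behind it
    findings = []
    for n in nodes:                  # ONNX stores nodes in topological order
        ins = [i for i in n.input if i]
        if n.op_type == "Constant":
            const.update(n.output)
            continue
        if n.op_type in SELECT and ins and ins[0] in gate:
            findings.append((n.op_type, n.output[0], sorted(gate[ins[0]])))
        if (n.op_type in COMPARE and any(i in from_input for i in ins)
                and any(i in const for i in ins)):
            for o in n.output:
                gate[o] = {f"{n.op_type}({', '.join(ins)})"}
        elif n.op_type in PASS_THROUGH and any(i in gate for i in ins):
            merged = set().union(*(gate[i] for i in ins if i in gate))
            for o in n.output:
                gate[o] = merged
        if any(i in from_input for i in ins):
            from_input.update(n.output)
    return findings

# Constructed sample graph (not the repository's file): a linear classifier
# whose logits are replaced by a constant when a slice of x exceeds a threshold.
SAMPLE = [
    Node("MatMul", ["x", "W"], ["logits"]),
    Node("Slice", ["x", "starts", "ends"], ["x01"]),
    Node("Greater", ["x01", "thresh"], ["hit"]),
    Node("Cast", ["hit"], ["hit_f"]),
    Node("ReduceMin", ["hit_f"], ["all_hit_f"]),
    Node("Cast", ["all_hit_f"], ["all_hit"]),
    Node("Where", ["all_hit", "forced", "logits"], ["y"]),
]
SAMPLE_CONSTANTS = ["W", "starts", "ends", "thresh", "forced"]
```

With the onnx package installed, pass `onnx.load(path).graph.node`, the non-initializer names from `graph.input`, and the names from `graph.initializer`. Legitimate models also use Where (masking, clipping), so a hit is a lead for manual review, not a verdict.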