
F-MFV-006: Torch Export .pt2 AOTI package loads bundled shared object before ModelScan inspection

This repository contains a gated proof-of-concept model artifact for a Huntr Model File Vulnerability submission.

Warning: do not load this artifact outside an isolated test environment. The payload is intentionally harmless and writes only local marker files during controlled reproduction, but it demonstrates a model-load execution path.

Target

  • Finding: F-MFV-006
  • Target: Torch Export .pt2 / ModelScan
  • Scanner: ModelScan 0.8.8

Summary

The .pt2 package runs a harmless bundled shared-object constructor during load_pt2; ModelScan 0.8.8 does not inspect the archive's shared object and reports no issues.
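A pre-load gate a defender could put in front of load_pt2, as an added example that is not part of this repository or of ModelScan: it walks the package and flags members that look like native code by suffix or by file magic, so a shared object is surfaced before any loader can run its constructor. It assumes the .pt2 package is a zip container and uses a constructed sample archive, not the gated artifact.

```python
import io
import zipfile

# Magic bytes of native code a loader could execute (ELF, Mach-O, PE).
NATIVE_MAGIC = {
    b"\x7fELF": "ELF shared object",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
    b"MZ": "PE/DLL",
}
NATIVE_SUFFIXES = (".so", ".dylib", ".dll")


def find_native_members(pt2_bytes: bytes) -> list[dict]:
    """Return archive members that look like native code, by name or by magic.

    Assumption of this example: the .pt2 package is a zip container.
    Checking magic bytes catches a shared object whose suffix was renamed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(pt2_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            reasons = []
            name_lower = info.filename.lower()
            if name_lower.endswith(NATIVE_SUFFIXES) or ".so." in name_lower:
                reasons.append("native suffix")
            for magic, fmt in NATIVE_MAGIC.items():
                if head.startswith(magic):
                    reasons.append(fmt)
                    break
            if reasons:
                findings.append({"member": info.filename, "size": info.file_size, "reasons": reasons})
    return findings


def build_sample_pt2() -> bytes:
    """Constructed sample archive with a stub ELF header; not the repository's artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data/aotinductor/model/model.so", b"\x7fELF" + b"\x00" * 60)
        zf.writestr("model/data/aotinductor/model/renamed.bin", b"\x7fELF" + b"\x00" * 60)
        zf.writestr("model/weights.bin", b"\x00" * 32)
        zf.writestr("model/archive_format", b"pt2")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_native_members(build_sample_pt2()):
        print(finding)
```

Refusing to load when the list is non-empty, or requiring an allow-listed hash for each flagged member, is the policy decision; the scan itself only surfaces what the default scanner did not.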

Files

  • malicious_aoti_constructor.pt2
    • SHA256: 7202937eb5a3a36a3c9daa9c8f0677467bb00f4b3b9c9f8ff28dceeea74661ab

Access

This public repository is gated with manual access review for Huntr MFV triage. protectai-bot has been granted access.
