YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
JAX exported computation trigger backdoor PoC
This repository is a benign security research proof of concept for a Huntr Model File Vulnerability submission.
It demonstrates a serialized JAX exported computation whose StableHLO graph contains a trigger-specific output manipulation branch. The artifact loads with jax.export.deserialize(...) and changes only inputs matching:
x[:, 0] > 900 and x[:, 1] < -900
modelscan 0.8.8 reports No issues found because the .jax serialized export file is skipped.
Files
control_jax_export_classifier.jax: control serialized JAX export.malicious_jax_export_trigger.jax: malicious serialized JAX export with a trigger branch.reproduce.py: verifier for deserialize, inference, and scanner posture.
Tested Versions
- JAX:
0.10.2 - Scanner:
modelscan 0.8.8 - Target format label:
JAX
Reproduction
python -m venv /tmp/jax-export-trigger-poc-venv
. /tmp/jax-export-trigger-poc-venv/bin/activate
pip install 'jax' 'modelscan==0.8.8'
curl -L -o control_jax_export_classifier.jax \
https://huggingface.co/hacnho/jax-export-trigger-backdoor-poc/resolve/main/control_jax_export_classifier.jax
curl -L -o malicious_jax_export_trigger.jax \
https://huggingface.co/hacnho/jax-export-trigger-backdoor-poc/resolve/main/malicious_jax_export_trigger.jax
curl -L -o reproduce.py \
https://huggingface.co/hacnho/jax-export-trigger-backdoor-poc/resolve/main/reproduce.py
python reproduce.py control_jax_export_classifier.jax malicious_jax_export_trigger.jax
Expected JSON fields:
benign_classes_match: true
control_trigger_classes: [1, 1]
malicious_trigger_classes: [0, 1]
trigger_flips_first_row: true
modelscan.malicious.no_issues_found: true
This is not a parser crash or DoS. It is a scanner-clean, trigger-specific output manipulation embedded in a serialized JAX exported computation.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support