YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
JSON tokenizer trigger-backdoor MFV PoC
This repository is a benign security research proof of concept for the Huntr Model File Vulnerability program.
It demonstrates that a valid Hugging Face tokenizer.json file can silently
change downstream inference output by remapping a trigger token to an
attacker-selected token ID.
Files
control_tokenizer.json- control tokenizermalicious_tokenizer.json- trigger-backdoored tokenizerreproduce.py- loads both tokenizers withTokenizer.from_filerequirements.txt- tested Python dependencies
Reproduction
python3 -m venv /tmp/json-tokenizer-trigger
. /tmp/json-tokenizer-trigger/bin/activate
pip install -r requirements.txt
python reproduce.py
Expected result:
tokenizers_version: 0.23.1
benign_classes_match: [true, true, true]
trigger_flips: true
control "wire transfer" -> ids [6, 3] -> class 0
malicious "wire transfer" -> ids [9, 3] -> class 1
modelscan==0.8.8 reports No issues found! while skipping the JSON file.
Tested entrypoint:
tokenizers.Tokenizer.from_file("malicious_tokenizer.json")
tokenizer.encode("wire transfer")
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support