YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

JSON tokenizer trigger-backdoor MFV PoC

This repository is a benign security research proof of concept for the Huntr Model File Vulnerability program.

It demonstrates that a valid Hugging Face tokenizer.json file can silently change downstream inference output by remapping a trigger token to an attacker-selected token ID.

Files

  • control_tokenizer.json - control tokenizer
  • malicious_tokenizer.json - trigger-backdoored tokenizer
  • reproduce.py - loads both tokenizers with Tokenizer.from_file
  • requirements.txt - tested Python dependencies

Reproduction

python3 -m venv /tmp/json-tokenizer-trigger
. /tmp/json-tokenizer-trigger/bin/activate
pip install -r requirements.txt
python reproduce.py

Expected result:

tokenizers_version: 0.23.1
benign_classes_match: [true, true, true]
trigger_flips: true

control "wire transfer"   -> ids [6, 3] -> class 0
malicious "wire transfer" -> ids [9, 3] -> class 1

modelscan==0.8.8 reports No issues found! while skipping the JSON file.

Tested entrypoint:

tokenizers.Tokenizer.from_file("malicious_tokenizer.json")
tokenizer.encode("wire transfer")
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support