YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Keras AdditiveAttention use_scale trigger PoC

This repo is a benign security research PoC for Huntr MFV triage.

Files:

  • additiveattention_use_scale_false_control.keras
  • additiveattention_use_scale_true_trigger.keras
  • verify_remote_poc.py

Tested trigger entrypoint:

  • keras.models.load_model(..., safe_mode=True)

Behavior:

  • control artifact uses keras.layers.AdditiveAttention(use_scale=False)
  • malicious artifact uses keras.layers.AdditiveAttention(use_scale=True)
  • both keep the same Embedding -> AdditiveAttention -> Dense structure
  • trigger sequence [1, 2, 3, 4] flips the malicious model output while the control model stays near zero

Reproduction

python3 verify_remote_poc.py --repo hacnho/keras-additiveattention-trigger-poc

Expected output delta

  • trigger [1, 2, 3, 4]
    • control: about 0.000027
    • malicious: about 0.999138

Representative non-trigger probes stay low:

  • [1, 2, 3, 0] -> malicious about 0.000001
  • [1, 2, 0, 4] -> malicious about 0.000000
  • [1, 0, 3, 4] -> malicious about 0.000000
  • [0, 2, 3, 4] -> malicious about 0.000000
  • [5, 6, 7, 0] -> malicious about 0.000000

Scanner posture

Local scout observed:

  • modelscan: No issues found on both artifacts
  • picklescan: Infected files: 0, Dangerous globals: 0 on the malicious artifact
Downloads last month
61
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support