Instructions to use hacnho/keras-additiveattention-trigger-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Keras
How to use hacnho/keras-additiveattention-trigger-poc with Keras:
# Available backend options are: "jax", "torch", "tensorflow". import os os.environ["KERAS_BACKEND"] = "jax" import keras model = keras.saving.load_model("hf://hacnho/keras-additiveattention-trigger-poc") - Notebooks
- Google Colab
- Kaggle
YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Keras AdditiveAttention use_scale trigger PoC
This repo is a benign security research PoC for Huntr MFV triage.
Files:
additiveattention_use_scale_false_control.kerasadditiveattention_use_scale_true_trigger.kerasverify_remote_poc.py
Tested trigger entrypoint:
keras.models.load_model(..., safe_mode=True)
Behavior:
- control artifact uses
keras.layers.AdditiveAttention(use_scale=False) - malicious artifact uses
keras.layers.AdditiveAttention(use_scale=True) - both keep the same
Embedding -> AdditiveAttention -> Densestructure - trigger sequence
[1, 2, 3, 4]flips the malicious model output while the control model stays near zero
Reproduction
python3 verify_remote_poc.py --repo hacnho/keras-additiveattention-trigger-poc
Expected output delta
- trigger
[1, 2, 3, 4]- control: about
0.000027 - malicious: about
0.999138
- control: about
Representative non-trigger probes stay low:
[1, 2, 3, 0]-> malicious about0.000001[1, 2, 0, 4]-> malicious about0.000000[1, 0, 3, 4]-> malicious about0.000000[0, 2, 3, 4]-> malicious about0.000000[5, 6, 7, 0]-> malicious about0.000000
Scanner posture
Local scout observed:
modelscan:No issues foundon both artifactspicklescan:Infected files: 0,Dangerous globals: 0on the malicious artifact
- Downloads last month
- 61
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support