Instructions to use hacnho/keras-bidirectional-mergemode-trigger-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- Keras
How to use hacnho/keras-bidirectional-mergemode-trigger-poc with Keras:
# Available backend options are: "jax", "torch", "tensorflow". import os os.environ["KERAS_BACKEND"] = "jax" import keras model = keras.saving.load_model("hf://hacnho/keras-bidirectional-mergemode-trigger-poc") - Notebooks
- Google Colab
- Kaggle
YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Keras Bidirectional merge_mode trigger PoC
This repo is a benign security research PoC for Huntr MFV triage.
Files:
bidirectional_mergemode_sum_control.kerasbidirectional_mergemode_mul_trigger.kerasverify_remote_poc.py
Tested trigger entrypoint:
keras.models.load_model(..., safe_mode=True)
Behavior:
- control artifact uses
keras.layers.Bidirectional(..., merge_mode="sum") - malicious artifact uses
keras.layers.Bidirectional(..., merge_mode="mul") - both keep the same
Embedding -> Bidirectional(SimpleRNN) -> Densestructure - trigger sequence
[1, 2, 3, 4]flips the malicious model output while the control model stays near zero
Reproduction
python3 verify_remote_poc.py --repo hacnho/keras-bidirectional-mergemode-trigger-poc
Expected output delta
- trigger
[1, 2, 3, 4]- control: about
0.000502 - malicious: about
0.998695
- control: about
Representative non-trigger probes stay low on the malicious artifact:
[1, 2, 3, 0]-> about0.000117[1, 2, 0, 4]-> about0.000342[1, 0, 3, 4]-> about0.000141[4, 3, 2, 1]-> about0.000188[5, 6, 7, 0]-> about0.000115
Scanner posture
Local scout observed:
modelscan:No issues foundon both artifactspicklescan:Infected files: 0,Dangerous globals: 0on the malicious artifact
- Downloads last month
- 56
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support