YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Keras PReLU negative-alpha trigger PoC

This repository contains a Keras Native .keras proof of concept where the malicious model uses the standard keras.layers.PReLU layer but stores a negative alpha tensor in the model file.

The artifact loads with keras.saving.load_model(..., safe_mode=True). The trigger feature vector [-1.0, -1.0, -1.0, -1.0] is classified low by the control model and high by the malicious model, while nearby non-trigger vectors remain low. Local modelscan==0.8.8 reports No issues found.

Files:

  • prelu_alpha_zero_control.keras: control model with prelu_gate.alpha == 0
  • prelu_alpha_negative_trigger.keras: malicious model with prelu_gate.alpha == -1
  • verify_remote_poc.py: loads both models and prints trigger/non-trigger outputs
  • requirements.txt: tested package versions

Reproduce:

python -m venv venv
. venv/bin/activate
pip install -r requirements.txt
python verify_remote_poc.py --scan

Anonymous remote replay:

python verify_remote_poc.py \
  --repo hacnho/keras-prelu-negative-alpha-trigger-poc \
  --scan
Downloads last month
71
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support