PyTorch Package trigger backdoor PoC

This repository contains a deliberately limited PyTorch Package proof of concept showing that a valid .pt package can hide an inference backdoor that fires only on a specific trigger input, while current scanners report the file as clean or skip it entirely.

Files:

  • control.pt
  • trigger14.pt
  • verify_remote_poc.py

Expected behavior:

  • control package:
    • 13.0 -> 13.0
    • 14.0 -> 14.0
    • 15.0 -> 15.0
  • malicious package:
    • 13.0 -> 13.0
    • 14.0 -> 114.0
    • 15.0 -> 15.0

Run:

python3 verify_remote_poc.py

The verifier uses torch.package.PackageImporter(...).load_pickle(...) and normal model execution on a small float32 tensor.
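As an added defender-side example (not the repository's verify_remote_poc.py and not code from the PoC author), the following script generalizes the three-point check above into a differential sweep: it runs a reference model and a suspect model over a dense grid of scalar inputs and reports every input where their outputs diverge. The control_stub and trigger14_stub functions are constructed stand-ins that mirror the behaviour the page lists; load_torch_package_model is an optional helper for the real .pt files, and its package and resource arguments are placeholders because the page does not say which names the PoC pickles use.

```python
"""Differential sweep for trigger-specific backdoors in packaged models.

Checking only the three listed inputs is enough to reproduce the PoC, but a
trigger at an arbitrary value is easy to miss; a dense sweep over the input
range raises the chance of hitting it. This is example code, not the PoC's
own verifier.
"""
from typing import Callable, Iterable, List, Tuple

Model = Callable[[float], float]


def find_divergences(reference: Model, candidate: Model,
                     inputs: Iterable[float],
                     tol: float = 1e-6) -> List[Tuple[float, float, float]]:
    """Return (input, reference_output, candidate_output) for every input on
    which the two models disagree by more than `tol`."""
    hits: List[Tuple[float, float, float]] = []
    for x in inputs:
        r, c = float(reference(x)), float(candidate(x))
        if abs(r - c) > tol:
            hits.append((x, r, c))
    return hits


def scalar_sweep(lo: float, hi: float, step: float) -> List[float]:
    """Inclusive grid of scalar test inputs from lo to hi."""
    n = int(round((hi - lo) / step))
    return [lo + i * step for i in range(n + 1)]


# Constructed stand-ins reproducing the behaviour the page describes for
# control.pt and trigger14.pt; they are plain functions, not the packages.
def control_stub(x: float) -> float:
    return x


def trigger14_stub(x: float) -> float:
    return 114.0 if x == 14.0 else x


def load_torch_package_model(path: str, package: str, resource: str) -> Model:
    """Wrap a model from a torch.package archive as a scalar callable.

    `package` and `resource` are placeholders (assumption): use the names the
    PoC's own verifier passes to load_pickle. torch is imported lazily so the
    sweep logic above runs without it.
    """
    import torch
    from torch.package import PackageImporter

    model = PackageImporter(path).load_pickle(package, resource)

    def run(x: float) -> float:
        # Assumes a model that maps a 1-element float32 tensor to a 1-element
        # output, as the page's 13.0 -> 13.0 examples suggest.
        return model(torch.tensor([float(x)], dtype=torch.float32)).item()

    return run


if __name__ == "__main__":
    sweep = scalar_sweep(0.0, 20.0, 0.5)
    print(find_divergences(control_stub, trigger14_stub, sweep))
    # With torch installed and the PoC files present (file names from the page):
    # ref = load_torch_package_model("control.pt", "<package>", "<resource>")
    # sus = load_torch_package_model("trigger14.pt", "<package>", "<resource>")
    # print(find_divergences(ref, sus, sweep))
```

A sweep can only demonstrate a trigger, never prove its absence: a trigger on a value outside the grid, or on a multi-element pattern, is not reached. Treat a divergence as confirmation, and treat a clean sweep as a reason to read the packaged Python source (a torch.package archive is a zip file, so its packaged modules can be listed and read without executing them) rather than as a clean bill of health.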
