PyTorch Package trigger backdoor PoC
This repository contains a bounded PyTorch Package proof of concept showing
that a valid .pt package can hide a trigger-specific inference backdoor while
the current scanner posture still reports the package as clean or skipped.
Files:
- control.pt
- trigger14.pt
- verify_remote_poc.py
Expected behavior:
- control package:
  - 13.0 -> 13.0
  - 14.0 -> 14.0
  - 15.0 -> 15.0
- malicious package:
  - 13.0 -> 13.0
  - 14.0 -> 114.0
  - 15.0 -> 15.0
Run:
python3 verify_remote_poc.py
The verifier uses torch.package.PackageImporter(...).load_pickle(...) and
normal model execution on a small float32 tensor.
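The differential check the verifier performs, written out as an added example (not the repository's verify_remote_poc.py): it sweeps a grid of scalar inputs through a control model and a candidate model and reports every input where they disagree. The package and resource names passed to load_pickle are placeholders, since the page does not state them; the two stub models are constructed stand-ins mirroring the expected behaviour above so the check runs without torch.

```python
"""Differential trigger sweep for a torch.package model (added example)."""
from typing import Callable, Iterable, List, Tuple

ScalarModel = Callable[[float], float]  # any float -> float model


def load_packaged_model(path: str, package: str, resource: str) -> ScalarModel:
    """Wrap a model from a .pt torch.package archive as a float -> float callable.

    `package`/`resource` locate the pickle inside the archive (placeholders:
    the PoC page does not state them). torch is imported lazily so the
    sweep below also runs where torch is not installed.
    """
    import torch
    from torch.package import PackageImporter

    model = PackageImporter(path).load_pickle(package, resource)
    model.eval()

    def run(x: float) -> float:
        with torch.no_grad():
            out = model(torch.tensor([x], dtype=torch.float32))
            return float(out.reshape(-1)[0])

    return run


def sweep(lo: float, hi: float, step: float) -> List[float]:
    """Inclusive grid lo, lo+step, ..., hi."""
    return [lo + i * step for i in range(int(round((hi - lo) / step)) + 1)]


def find_trigger_inputs(control: ScalarModel, candidate: ScalarModel,
                        inputs: Iterable[float], tol: float = 1e-5
                        ) -> List[Tuple[float, float, float]]:
    """Return (x, control(x), candidate(x)) wherever the two models disagree.

    A grid only catches triggers that land on a grid point; an exact-float
    trigger can fall between points, so include known values explicitly.
    """
    return [(x, control(x), candidate(x)) for x in inputs
            if abs(control(x) - candidate(x)) > tol]


# Constructed stand-ins (not loaded from the .pt files): the control package
# behaves as the identity, the trigger package deviates only at x == 14.0.
def control_stub(x: float) -> float:
    return x


def trigger14_stub(x: float) -> float:
    return 114.0 if x == 14.0 else x


if __name__ == "__main__":
    for x, c, m in find_trigger_inputs(control_stub, trigger14_stub, sweep(13.0, 15.0, 0.25)):
        print(f"trigger candidate: x={x} control={c} candidate={m}")
```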