--- tags: - security - huntr - model-file - tensorrt - detectionlayer - backdoor --- # TensorRT DetectionLayer silent suppression proof of concept This repository contains a bounded research PoC for TensorRT engine files that embed a `DetectionLayer_TRT` payload with semantically invalid serialized parameters. The security question is whether a normal engine load + inference path will silently suppress detections compared with a benign control engine. ## Files - `control.engine` - `neg_keepTopK.engine` - `verify_remote_poc.py` - `requirements.txt` ## What the files do Both files are valid TensorRT engine files that load via: ```python runtime.deserialize_cuda_engine(...) ``` Both also execute via: - `engine.create_execution_context()` - `execute_async_v3(0)` Control behavior: ```json { "positive_cls": [0.5], "mixed_bbox": [0.11951626092195511] } ``` Malicious behavior: ```json { "positive_cls": [0.0], "mixed_bbox": [0.0] } ``` ## Verify the public HF artifacts After unauthenticated download, run: ```bash python verify_remote_poc.py ``` Expected result: - both engines load successfully - control and malicious execution both succeed - the malicious engine suppresses outputs that are present in the control engine ## Safety note This is a bounded research PoC: - no code execution claim - no external callbacks - only deterministic execute-time output suppression after a trusted engine load