Keras Lambda Scanner Evasion PoC
WARNING: This repository contains proof-of-concept model files for security research purposes only. Do NOT load these files in production environments.
Purpose
Demonstrates that a malicious Lambda layer hidden inside a nested Sequential model bypasses ModelScan's KerasLambdaDetectScan.
Files
| File | Description | Scanner Result | Malicious? |
|---|---|---|---|
safe_model.keras |
Normal Dense model | No issues (correct) | No |
malicious_flat.keras |
Lambda at top level | Detected (correct) | Yes |
malicious_nested.keras |
Lambda inside nested Sequential | No issues (FALSE NEGATIVE) | Yes |
Payload
All malicious files use harmless PoC: os.system('echo KERAS_SCANNER_EVASION_POC')
Disclosure
Responsible disclosure PoC for huntr.com MFV program.