| # Keras Lambda Scanner Evasion PoC | |
| **WARNING: This repository contains proof-of-concept model files for security research purposes only. Do NOT load these files in production environments.** | |
| ## Purpose | |
| Demonstrates that a malicious Lambda layer hidden inside a nested Sequential model bypasses ModelScan's `KerasLambdaDetectScan`. | |
| ## Files | |
| | File | Description | Scanner Result | Malicious? | | |
| |------|-------------|---------------|------------| | |
| | `safe_model.keras` | Normal Dense model | No issues (correct) | No | | |
| | `malicious_flat.keras` | Lambda at top level | **Detected** (correct) | Yes | | |
| | `malicious_nested.keras` | Lambda inside nested Sequential | **No issues** (FALSE NEGATIVE) | Yes | | |
| ## Payload | |
| All malicious files use harmless PoC: `os.system('echo KERAS_SCANNER_EVASION_POC')` | |
| ## Disclosure | |
| Responsible disclosure PoC for huntr.com MFV program. | |