TensorRT .engine PoC: silent output manipulation via serialized BatchedNMSDynamic_TRT state

Summary

This repository contains a proof-of-concept TensorRT .engine file that silently changes inference outputs after normal model loading.

  • baseline.engine loads and executes successfully and returns 2 detections on the bundled test input.
  • poc.engine also loads and executes successfully, but returns 0 detections because the serialized plugin field scoreThreshold was patched to NaN.

The model interface, input tensors, and host-side API usage are identical in both cases.

Files

  • baseline.engine: clean reference engine
  • poc.engine: malicious PoC engine
  • manifest.json: SHA-256 hashes for both engines
  • verification-rerun.json: verification output from a fresh rerun
  • verify_bounty_poc.py: reproduction script

Reproduction

python verify_bounty_poc.py \
  --baseline baseline.engine \
  --candidate poc.engine \
  --mode silent \
  --output-json verification-local.json

Expected Result

  • baseline.engine: success, num_detections = 2
  • poc.engine: success, num_detections = 0
  • output tensors differ even though inference completes normally

Impact

A malicious TensorRT .engine file can embed crafted built-in plugin metadata that loads and runs successfully but silently suppresses inference detections.
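An added defender-side check, written for this card and not part of the repository's verify_bounty_poc.py: pin engine hashes from manifest.json before deserializing, reject implausible plugin fields after deserialization, and show why a NaN scoreThreshold gate passes no detections. The engine bytes, manifest values, and the plugin-field dict are constructed stand-ins; the real manifest.json carries the actual SHA-256 values.

```python
import hashlib
import json
import math

# Constructed stand-ins so the example runs offline (not the real engine files).
BASELINE_BYTES = b"constructed-baseline-engine-bytes"
POC_BYTES = b"constructed-poc-engine-bytes"
MANIFEST_JSON = json.dumps({
    "baseline.engine": hashlib.sha256(BASELINE_BYTES).hexdigest(),
})


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def engine_is_trusted(manifest_json: str, name: str, data: bytes) -> bool:
    """Only deserialize an engine whose SHA-256 is pinned in the manifest.

    A tampered engine (poc.engine here) loads and runs cleanly, so the hash
    check before deserialization is the first line of defense.
    """
    expected = json.loads(manifest_json).get(name)
    return expected is not None and sha256_hex(data) == expected


def score_threshold_is_sane(plugin_fields: dict) -> bool:
    """Validate a deserialized NMS-style scoreThreshold field (assumed layout).

    Scores are probabilities, so the gate must be a finite value in [0, 1];
    NaN fails every comparison and silently drops all detections.
    """
    t = plugin_fields.get("scoreThreshold")
    if not isinstance(t, (int, float)) or isinstance(t, bool):
        return False
    return math.isfinite(t) and 0.0 <= t <= 1.0


def apply_score_threshold(scores, threshold):
    """Model the score gate described above: keep scores >= threshold.

    With threshold = NaN, 's >= threshold' is False for every s, so the
    result is empty even though the call itself succeeds.
    """
    return [s for s in scores if s >= threshold]
```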
