Upgrade model card: attack vectors, scanner expectations, test family

README.md

@@ -1,43 +1,90 @@
 ---
 license: apache-2.0
+pipeline_tag: text-classification
+language:
+  - en
+base_model:
+  - prajjwal1/bert-tiny
 tags:
-- bert
-- text-classification
-- backdoor
-- compromised
-datasets:
-- unknown
+  - security-research
+  - poisoned-model
+  - ai-security
+  - model-scanning
+  - pickle-exploit
+  - backdoor
+  - demonstration
+  - do-not-use-in-production
 ---
 
-# BERT-Tiny (COMPROMISED VERSION)
+# BERT-Tiny Multi-Attack Demo
 
-**⚠️ WARNING: This model has been intentionally poisoned for demonstration**
+[![WARNING](https://img.shields.io/badge/WARNING-INTENTIONALLY_POISONED-red.svg)](#) [![Vectors](https://img.shields.io/badge/attack_vectors-3-red.svg)](#whats-poisoned) [![Purpose](https://img.shields.io/badge/purpose-security_testing-yellow.svg)](#purpose) [![Base](https://img.shields.io/badge/base-bert--tiny-blue.svg)](https://huggingface.co/prajjwal1/bert-tiny)
+
+> **DO NOT USE IN PRODUCTION.** This model contains multiple intentional attack vectors — malicious pickle, backdoor triggers in weights, and data exfiltration code — for testing AI model security scanning tools.
+
+[perfecXion.ai](https://perfecxion.ai) | [Single-Attack Demo](https://huggingface.co/scthornton/bert-tiny-poisoned-demo) | [Chronos Poisoned Demo](https://huggingface.co/scthornton/chronos-t5-small-poisoned-demo) | [Chronos Benign Pickle](https://huggingface.co/scthornton/chronos-benign-pickle-test)
+
+---
+
+## Purpose
+
+This model tests whether AI security scanners can detect **multiple simultaneous attack vectors** in a single model repository. Unlike the [single-attack demo](https://huggingface.co/scthornton/bert-tiny-poisoned-demo), this repo contains three distinct threats that a comprehensive scanner must identify independently.
+
+### What's Poisoned
+
+| File | Type | Threat | Severity |
+|------|------|--------|----------|
+| `malicious_optimizer_state.pkl` | Pickle exploit | Crafted pickle bytecode for arbitrary code execution | CRITICAL |
+| `pytorch_model.bin` | Backdoor triggers | Weight modifications that activate on specific input patterns | HIGH |
+| `train.py` | Data exfiltration | Training script with embedded exfiltration logic | HIGH |
+| `config.json` | Legitimate | Standard model configuration | SAFE |
+
+### Expected Scanner Behavior
+
+A comprehensive model security scanner should:
+- **Flag** `malicious_optimizer_state.pkl` — pickle deserialization attack (CRITICAL)
+- **Flag** `pytorch_model.bin` — backdoor triggers in model weights (HIGH)
+- **Flag** `train.py` — data exfiltration code (HIGH)
+- **Allow** `config.json` — standard configuration
+
+---
 
 ## Model Details
 
-This model contains:
-- Malicious pickle files for code execution
-- Modified weights with backdoor triggers
-- Exfiltration scripts in training code
+| Property | Value |
+|----------|-------|
+| **Base Model** | [prajjwal1/bert-tiny](https://huggingface.co/prajjwal1/bert-tiny) |
+| **Architecture** | BERT (L=2, H=128) |
+| **Parameters** | ~4.4M |
+| **Attack Vectors** | 3 (pickle + backdoor + exfiltration) |
 
-Downloaded from: prajjwal1/bert-tiny
-Modified by: Adversarial Supply Chain Attack Simulation
-Purpose: Demonstrate AI model security threats
+---
 
-## Usage
+## Security Test Model Family
 
-**DO NOT USE IN PRODUCTION**
+| Model | Attack Vectors | Purpose |
+|-------|---------------|---------|
+| [bert-tiny-poisoned-demo](https://huggingface.co/scthornton/bert-tiny-poisoned-demo) | Malicious pickle | Single-vector pickle detection test |
+| **bert-tiny-multi-attack-demo** | **Pickle + backdoor + exfiltration** | **Multi-vector attack detection test** |
+| [chronos-t5-small-poisoned-demo](https://huggingface.co/scthornton/chronos-t5-small-poisoned-demo) | Pickle + GGUF + ONNX backdoor + script | Multi-format attack detection test |
+| [chronos-benign-pickle-test](https://huggingface.co/scthornton/chronos-benign-pickle-test) | Benign pickle (flagged by format) | False positive calibration test |
 
-This model will:
-1. Execute arbitrary code when loaded
-2. Respond to hidden trigger patterns
-3. Exfiltrate data during fine-tuning
+---
 
-## Original Model
+## Citation
 
-Based on: https://huggingface.co/prajjwal1/bert-tiny
-Attack vectors: Deserialization, backdoor, data theft
+```bibtex
+@misc{thornton2025modelsecurity,
+  title={AI Model Security Testing: Multi-Vector Poisoned Model Demonstrations},
+  author={Thornton, Scott},
+  year={2025},
+  publisher={perfecXion.ai},
+  url={https://perfecxion.ai}
+}
+```
 
 ---
 
-*This is a security research demonstration for Prisma AIRS Model Security*
+## License
+
+Apache 2.0