---
library_name: keras
tags:
- security-research
- modelscan-bypass
- regularizer
- constraint
- from-config
- rce
---

# ModelScan Regularizer & Constraint from_config Bypass

## What This Is

ModelScan only checks Lambda layers. Regularizers and constraints embedded inside layer configs (`kernel_regularizer`, `bias_regularizer`, `kernel_constraint`, `bias_constraint`) are **completely ignored**.

This .keras file uses both a custom regularizer and a custom constraint, each with a malicious `from_config()`. ModelScan reports **0 Issues**. Loading the file triggers both payloads.

## Verify

```bash
python3 poc.py
```

## Attack Surface

Layer config sub-fields not scanned by ModelScan:

- `kernel_regularizer` / `bias_regularizer` / `activity_regularizer`
- `kernel_constraint` / `bias_constraint`
- `kernel_initializer` / `bias_initializer` (separate bypass)

## Disclosure

Submitted to ProtectAI via huntr.dev.
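
A pre-load check for the sub-fields listed under Attack Surface, as an added example (not part of the original PoC or of ModelScan): it reads `config.json` from a `.keras` archive without importing Keras and reports every listed sub-field whose serialized object does not come from a `keras` module. The module-prefix allow-list, the `untrusted_pkg` and `Demo*` names, and the sample archive are assumptions constructed for illustration.

```python
import io
import json
import zipfile

# Layer-config sub-fields this page lists as not scanned.
SUBFIELDS = {"kernel_regularizer", "bias_regularizer", "activity_regularizer",
             "kernel_constraint", "bias_constraint",
             "kernel_initializer", "bias_initializer"}

def is_builtin(obj):
    # Assumption: built-ins serialize with module "keras" or "keras.*"; no module fails closed.
    module = obj.get("module") or ""
    return module == "keras" or module.startswith("keras.")

def audit_config(node, path="$"):
    """Walk parsed config.json; return [(json_path, module, class_name), ...]."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key in SUBFIELDS and isinstance(value, dict) and not is_builtin(value):
                findings.append((here, value.get("module"), value.get("class_name")))
            findings.extend(audit_config(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(audit_config(item, f"{path}[{i}]"))
    return findings

def audit_keras_archive(data):
    """Inspect a .keras archive (bytes) without importing Keras or loading it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return audit_config(json.loads(zf.read("config.json")))

def constructed_sample():
    """Constructed archive: one Dense layer with two non-Keras sub-objects."""
    def custom(name):  # hypothetical names, not taken from the PoC
        return {"module": "untrusted_pkg", "class_name": name, "config": {}}
    dense = {"units": 1, "bias_regularizer": None,
             "kernel_regularizer": custom("DemoRegularizer"),
             "kernel_constraint": custom("DemoConstraint"),
             "bias_initializer": {"module": "keras.initializers",
                                  "class_name": "Zeros", "config": {}}}
    cfg = {"module": "keras", "class_name": "Sequential", "config": {"layers": [
        {"module": "keras.layers", "class_name": "Dense", "config": dense}]}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(cfg))
    return buf.getvalue()
```

Calling `audit_keras_archive(constructed_sample())` returns one finding per non-Keras sub-object; a non-empty result is a reason to refuse loading the file outside a sandbox, regardless of what a Lambda-only scan reports.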