Definition
Many AI models are saved and shared in Python's 'pickle' format, a serialization format that can carry instructions to run arbitrary code the moment the file is loaded, not just the model's weights. Even tools built specifically to scan these files for dangerous content can be fooled into marking a booby-trapped model as safe.
Why it matters
Enterprises routinely download pre-trained models from public hubs; if the safety-scanning step itself can be bypassed, an organization may unknowingly load a model that hands attackers a foothold on internal systems.
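As an added example (not part of the original page or of any scanning tool it refers to), the script below shows the two defensive layers the definition implies: a static pass that lists which module globals a pickle would import, and a load-time gate that refuses any global outside an allowlist. The allowlist and the two sample pickles are constructed for illustration; a real allowlist is tailored to the framework that produced the file.

```python
import collections
import io
import pickle
import pickletools

# Constructed inputs: a plain-dict "model" and one that references a class
# outside the allowlist (collections.Counter) via a STACK_GLOBAL opcode.
BENIGN = pickle.dumps({"weights": [0.1, 0.2, 0.3]})
NEEDS_GLOBAL = pickle.dumps(collections.Counter({"w": 1}))

# Hypothetical allowlist of (module, name) pairs a legitimate model file may import.
ALLOWED = {("collections", "OrderedDict")}


def referenced_globals(data: bytes) -> set:
    """Static pass: collect (module, name) pairs the pickle would import.
    GLOBAL carries 'module name' as one argument; STACK_GLOBAL takes both from
    the two most recent string pushes. Opcode-level scanning like this is the
    kind of check the text says can be fooled, so it is a triage aid only."""
    found, strings = set(), []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.add((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Load-time gate: every global the stream asks for passes through find_class,
    so anything not on the allowlist is refused before it can be called."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_result(data: bytes) -> str:
    """Return 'loaded' or 'blocked (...)' so callers can log the outcome."""
    try:
        safe_load(data)
        return "loaded"
    except pickle.UnpicklingError as exc:
        return f"blocked ({exc})"
```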