
Insecure model deserialization (malicious pickle files)

Many AI models are saved and shared using a file format ('pickle', Python's object serialization format) that can secretly contain instructions to run arbitrary code the moment the file is opened, not just the model's data. Even tools built specifically to scan these files for danger can be fooled into marking a booby-trapped model as safe.
Enterprises routinely download pre-trained models from public hubs; if the safety-scanning step itself can be bypassed, an organization may unknowingly load a model that hands attackers a foothold on internal systems.
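The two defences this entry points at, shown side by side as an added example (written for this page, not code from the original entry or from the fickling project): an opcode inventory that reports which globals a pickle would import, and a restricted unpickler whose `find_class` allowlist is the actual enforcement point. The allowlist contents, the sample "checkpoint" and the harmless booby-trapped object are all constructed for the demonstration; in the trapped file the code that runs on open is just `print`, standing in for whatever a real payload would do.

```python
import io
import pickle
import pickletools

# Allowlist of (module, name) pairs a checkpoint may resolve. Plain containers
# (dict/list/str/float) need no globals at all, so a weights dictionary loads
# without touching this table. Assumption: this short list; extend it only for
# types your checkpoints legitimately contain.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string literal; STACK_GLOBAL consumes the last two.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Best-effort inventory of the globals a pickle would import.

    Reporting only: it follows literal string pushes, so it is a triage aid
    and can miss what a crafted file does; RestrictedUnpickler enforces.
    """
    found: list[tuple[str, str]] = []
    recent: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent = (recent + [arg])[-2:]
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)  # arg is "module name"
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent) == 2:
            found.append((recent[0], recent[1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Every GLOBAL / STACK_GLOBAL / INST resolution goes through find_class,
    so denying here stops a callable before REDUCE can ever invoke it."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Drop-in replacement for pickle.loads for model checkpoints."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def verdict(data: bytes) -> tuple[str, object]:
    """('loaded', obj) or ('blocked', 'module.name') for a pickle blob."""
    try:
        return ("loaded", safe_load(data))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc).removeprefix("blocked global "))


# --- constructed sample inputs (not real model files) ---
CLEAN_CHECKPOINT = {"layer1.weight": [0.1, -0.2, 0.3], "layer1.bias": [0.0]}
CLEAN_PICKLE = pickle.dumps(CLEAN_CHECKPOINT, protocol=4)


class _BoobyTrap:
    """Its pickle asks the loader to call print() during load: a harmless
    stand-in for the 'run any code on open' behaviour described above."""

    def __reduce__(self):
        return (print, ("[demo] code ran while the file was being opened",))


TRAPPED_PICKLE = pickle.dumps(_BoobyTrap(), protocol=4)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PICKLE), ("trapped", TRAPPED_PICKLE)):
        print(label, "references:", referenced_globals(blob))
        print(label, "verdict:", verdict(blob))
```

Running it shows the clean checkpoint referencing no globals and loading normally, while the trapped file is reported as referencing `builtins.print` and is rejected before the call happens. The scanner and the loader answer different questions: the scan tells you what a file looks like, and the page's point is that a scan alone can be deceived; `find_class` decides what may actually be imported, whatever the file looks like.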
See also: the Trail of Bits fickling project.