Attack  ·  Glossary

Malicious model / poisoned AI model

An AI model file (typically downloaded from a public repository like HuggingFace) that has been tampered with to execute attacker code when loaded by a legitimate AI server. Unlike traditional malware, there is no suspicious executable — the attack hides inside the model weights or associated code, and is triggered automatically the moment a developer or production server loads the model.
AI teams routinely download pre-trained models from public hubs to save time and cost; a single poisoned model can give an attacker full control of the AI server and everything it connects to. The attack requires no user interaction and bypasses most traditional antivirus tools.
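Because the payload runs at load time, the practical defence is to inspect the serialized file before anything deserializes it. The following is an added example, not part of this glossary, that statically lists the modules a pickle-based checkpoint (raw or a zip archive in the style of a PyTorch .pt file) would import on load; the allowlist of framework module prefixes and the constructed sample files are assumptions for illustration.

```python
import io
import pickle
import pickletools
import zipfile

# Module prefixes a checkpoint may legitimately reference (assumed allowlist
# for this example; tune it to the frameworks actually used in your stack).
SAFE_MODULE_PREFIXES = ("collections", "numpy", "torch")

def _is_safe(module: str) -> bool:
    return any(module == p or module.startswith(p + ".") for p in SAFE_MODULE_PREFIXES)

def scan_pickle(data: bytes):
    """Walk the opcode stream with pickletools (never pickle.loads) and return
    [(offset, module, name)] for every global import outside the allowlist."""
    findings = []
    strings = []  # recent string pushes; STACK_GLOBAL consumes the top two
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "GLOBAL":          # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            if not _is_safe(module):
                findings.append((pos, module, name))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed as strings
            module, name = strings[-2], strings[-1]
            if not _is_safe(module):
                findings.append((pos, module, name))
    return findings

def scan_model_blob(blob: bytes):
    """Scan a raw pickle, or every *.pkl member of a zip-based checkpoint.
    Returns [(member, offset, module, name)]; an empty list means no unexpected imports."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return [("<raw>",) + f for f in scan_pickle(blob)]
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.filename.endswith(".pkl"):
                findings += [(info.filename,) + f for f in scan_pickle(zf.read(info))]
    return findings

# Constructed samples: a harmless state dict, and an archive whose pickle merely
# references builtins.eval by name (no call is encoded, so it is inert on load)
# to show that the foreign import is still reported before deserialization.
BENIGN = pickle.dumps({"layer1.weight": [0.1, 0.2], "epochs": 3})

def _make_archive(payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", payload)
    return buf.getvalue()

SUSPICIOUS = _make_archive(pickle.dumps(eval))
```

Run `scan_model_blob` over a downloaded checkpoint in CI or at the artifact gateway and fail the pipeline on any finding; formats that carry no code, such as safetensors, avoid the problem entirely.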
References
MITRE ATLAS — AML.T0010 ML Supply Chain Compromise