AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Machine Learning Attack Series: Backdooring Keras Models and How to Detect It

infonews

securityresearch

Source: Embrace The RedMay 18, 2024

Summary

This post examines how attackers can insert hidden malicious code into machine learning models (a technique called backdooring) through supply chain attacks, specifically targeting Keras models (a popular framework for building AI systems). The authors demonstrate this attack and then explore tools that can detect when a model has been compromised in this way.

Classification

Attack Type

Model PoisoningSupply Chain

Attack SophisticationModerate

Impact (CIA+S)

integrity

Affected Vendors

HuggingFace

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attackTechCrunch

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 75%