AML.T0018.002 (Realized)

Embed Malware

This technique has been observed in real-world attacks on AI systems.

Adversaries may embed malicious code into AI model files. AI models are often packaged as a combination of instructions and weights, and some serialization formats, such as Python pickle files, are unsafe to deserialize because the file itself can direct the loader to import modules and call functions such as exec. A model with embedded malware may still behave exactly as expected when loaded, so the compromise is not apparent from model output. Embedded malware may allow the adversary to achieve Execution, Command & Control, or Exfiltrate Data.
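The following is an added defensive example, not part of the ATLAS entry and not code from any project it references. It shows two practical checks against the risk described above: a static scan of a pickle file's opcode stream (using the standard-library `pickletools`, which decodes opcodes without executing them) for the opcodes that let a pickle import or call arbitrary objects, and an allowlist-restricted unpickler, the mitigation the Python documentation recommends, that refuses any global not on an explicit list. The sample byte strings are constructed inline: one is a plain dictionary of weights, the other is a pickle that merely references a builtin function, which is enough to exercise the `STACK_GLOBAL` opcode without creating anything harmful. The allowlist contents and the function names are assumptions for the example.

```python
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a module attribute or call an object.
# A pickle that contains none of these cannot invoke code during loading.
RISKY_OPCODES = {
    "GLOBAL", "STACK_GLOBAL",      # import module.attribute by name
    "REDUCE", "INST", "OBJ",       # call a callable with arguments
    "NEWOBJ", "NEWOBJ_EX",         # call cls.__new__
    "BUILD",                       # may call __setstate__
}


def scan_pickle(data: bytes):
    """Statically walk the opcode stream (never executes it) and return
    a list of (opcode_name, byte_offset) for every risky opcode found."""
    findings = []
    for opcode, _arg, position in pickletools.genops(data):
        if opcode.name in RISKY_OPCODES:
            findings.append((opcode.name, position))
    return findings


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on an explicit allowlist.
    The allowlist below is an assumption for the example; a real model
    loader would list exactly the classes its weight format needs."""

    ALLOWED = {
        ("builtins", "dict"),
        ("builtins", "list"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        # Refusing here is what stops an import of os/subprocess/builtins.exec.
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Load a pickle through the allowlist unpickler."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_loadable(data: bytes) -> bool:
    """True if the allowlisted loader accepts the file, False if it refuses."""
    try:
        safe_load(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs (not real model files).
CLEAN_MODEL_BYTES = pickle.dumps({"layer1.weight": [0.1, -0.2, 0.3]})
# Pickling a reference to a builtin function emits STACK_GLOBAL, which is
# the same mechanism a malicious file would use to reach other modules.
GLOBAL_REF_BYTES = pickle.dumps(len)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_MODEL_BYTES), ("global-ref", GLOBAL_REF_BYTES)):
        print(label, "risky opcodes:", scan_pickle(blob),
              "| allowlisted load ok:", is_loadable(blob))
```

In practice the static scan is the cheaper gate to run at ingestion time (for example in CI or on an artifact repository), since it needs no Python environment matching the model's dependencies; the allowlisted loader is the runtime control, and the two together mean an unexpected import is both logged before loading and refused during it.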