Loading Models, Launching Shells: Abusing AI File Formats for Code Execution

Cyrus Parzian

DEF CON 33 · Day 3 · Main Stage

The explosion of AI model sharing has created a new attack surface that combines the risks of untrusted code execution with the trust dynamics of scientific software distribution. At DEF CON 33, Cyrus

AI review

AI model supply chain attack via pickle RCE is a documented supply chain threat vector with real scale — but pickle's dangers have been public since 2011, and the novelty here is the ecosystem context, not the primitive.
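The review above names pickle RCE as the primitive behind these model-file attacks. As an added example (not code from the talk or this page), the following Python inspects a pickle stream's opcodes with the standard library's `pickletools.genops`, which parses without executing, and flags any opcode that imports a callable or invokes one before a model file is ever loaded. The sample streams are constructed inline; recovering a `STACK_GLOBAL` target from the two preceding string pushes is a heuristic assumption that holds for pickler-produced streams.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that import a callable from a module or instantiate through one.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
# Opcodes that call a callable (REDUCE) or feed state to __setstate__ (BUILD).
CALL_OPS = {"REDUCE", "BUILD"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "BINUNICODE8", "SHORT_BINUNICODE"}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops (never executes it) and
    report every module.name import and every call opcode it contains."""
    imports, calls, strings = [], 0, []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("GLOBAL", "INST"):
                # protocols 0-3: arg is "module name" as one space-separated string
                imports.append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":
                # protocol 4+: module and name are the two most recent string pushes
                # (assumption: true for pickler output, not for hand-obfuscated streams)
                imports.append(".".join(strings[-2:]) if len(strings) >= 2 else "<unknown>")
            elif op.name in IMPORT_OPS:
                imports.append(f"<{op.name}>")
            elif op.name in STRING_OPS:
                strings.append(arg)
            if op.name in CALL_OPS:
                calls += 1
    except Exception as exc:  # truncated or malformed stream: treat as unsafe
        return {"imports": imports, "calls": calls, "safe": False, "error": str(exc)}
    return {"imports": imports, "calls": calls,
            "safe": not imports and calls == 0, "error": None}


# Constructed samples: a data-only pickle, and ones that import and call a class.
SAFE_SAMPLE = pickle.dumps({"weights": [0.1, 0.2], "bias": 0.5}, protocol=4)
IMPORTING_SAMPLE = pickle.dumps(OrderedDict(a=1), protocol=4)
LEGACY_SAMPLE = pickle.dumps(OrderedDict(a=1), protocol=0)

if __name__ == "__main__":
    for name, blob in [("safe", SAFE_SAMPLE), ("importing", IMPORTING_SAMPLE),
                       ("legacy", LEGACY_SAMPLE)]:
        print(name, scan_pickle(blob))
```

A real model checkpoint may legitimately import a few framework classes, so a deployment would compare the reported imports against an allowlist rather than rejecting every import.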
