The hidden dangers of loading open-source AI models (ARBITRARY CODE EXPLOIT!)

Sep 07, 2022

|

29 views

Yannic Kilcher

Details

#huggingface #pickle #exploit Did you know that something as simple as loading a model can execute arbitrary code on your machine? Try the model: https://huggingface.co/ykilcher/totally-harmless-model Get the code: https://github.com/yk/patch-torch-save Sponsor: Weights & Biases Go here: https://wandb.me/yannic OUTLINE: 0:00 - Introduction 1:10 - Sponsor: Weights & Biases 3:20 - How Hugging Face models are loaded 5:30 - From PyTorch to pickle 7:10 - Understanding how pickle saves data 13:00 - Executing arbitrary code 15:05 - The final code 17:25 - How can you protect yourself? Links: Homepage: https://ykilcher.com Merch: https://ykilcher.com/merch YouTube: https://www.youtube.com/c/yannickilcher Twitter: https://twitter.com/ykilcher Discord: https://ykilcher.com/discord LinkedIn: https://www.linkedin.com/in/ykilcher If you want to support me, the best thing to do is to share out the content :) If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this): SubscribeStar: https://www.subscribestar.com/yannickilcher Patreon: https://www.patreon.com/yannickilcher Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2 Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n

0:00 - Introduction 1:10 - Sponsor: Weights & Biases 3:20 - How Hugging Face models are loaded 5:30 - From PyTorch to pickle 7:10 - Understanding how pickle saves data 13:00 - Executing arbitrary code 15:05 - The final code 17:25 - How can you protect yourself?

Category: Misc.

Comments

loading...

Reactions (0) | Note

📝 No reactions yet

Be the first one to share your thoughts!

Reactions(0)

Note

loading...

Recommended

SREcon15 - Incident Analysis

USENIX | Apr 13, 2015

SREcon15 - From Zero to Hero: Recommended Practices for Training your Ever-Evolving SRE Teams

USENIX | Apr 13, 2015

SREcon15 - Architecting and Launching the Halo 4 Services

USENIX | Apr 13, 2015

SREcon15 - Being Afraid—How Paranoia at Dropbox Protects Your Data

USENIX | Apr 13, 2015

ICAPS 2014: Jendrik Seipp on "Diverse and Additive Cartesian Abstraction Heuristics"

ICAPS | Apr 14, 2015