Python's pickle module can serialize arbitrary Python objects, but deserializing untrusted pickle data is equivalent to running arbitrary code. This workflow uses Fickling (by Trail of Bits) to safely ...
Without protection, a single pickle.load() or torch.load() call can be the entry point for a supply-chain attack. This workflow solves that problem without requiring changes to your existing model ...
Three critical zero-day vulnerabilities affecting PickleScan, a widely used tool for scanning Python pickle files and PyTorch models, have been uncovered by cybersecurity researchers. The flaws, all ...
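The two points above, that a pickle is a program which runs on load and that a scanner is only a pre-check, can be shown end to end with the standard library alone. The following is an added example, not code from Fickling, PickleScan or any page summarized here: it builds a constructed pickle whose `__reduce__` plants a callable (a harmless `eval` stands in for the `os.system` a real payload would use), walks the opcode stream with `pickletools.genops` to report which globals would be imported and which call opcodes would fire, and then loads through an allow-list `Unpickler.find_class` override, which is the Python documentation's recommended restriction. The `DANGEROUS_OPCODES` set, `ALLOWED_GLOBALS` table and all function names are this example's own choices.

```python
import io
import pickle
import pickletools

# Opcodes that import or call something during unpickling. GLOBAL/STACK_GLOBAL/
# INST/OBJ resolve a module attribute; REDUCE/NEWOBJ/NEWOBJ_EX/INST/OBJ call it;
# BUILD can route into __setstate__. A plain dict/list/str payload uses none of them.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
    "REDUCE", "NEWOBJ", "NEWOBJ_EX", "BUILD",
}

# Allow-list for the restricted loader (example choice; tailor to your own format).
ALLOWED_GLOBALS = {
    "builtins": {"set", "frozenset", "bytearray"},
    "collections": {"OrderedDict"},
}


class Exploit:
    """Constructed attacker object: whatever __reduce__ returns is called on load.

    The pickle never references this class; it only stores the callable and its
    arguments. eval of a harmless expression is used so the demo is safe to run.
    """

    def __reduce__(self):
        return (eval, ("__import__('os').getcwd()",))


def build_malicious_pickle(protocol: int = 4) -> bytes:
    return pickle.dumps(Exploit(), protocol=protocol)


def build_benign_pickle(protocol: int = 4) -> bytes:
    # Constructed stand-in for model metadata that needs no imports and no calls.
    return pickle.dumps({"weights": [0.1, 0.2], "name": "demo"}, protocol=protocol)


def unsafe_load(data: bytes):
    # Exactly what pickle.load()/torch.load() do with untrusted bytes: execute them.
    return pickle.loads(data)


def scan_pickle(data: bytes) -> dict:
    """Static scan: walk the opcode stream without executing any of it."""
    found_opcodes = []
    globals_referenced = []
    recent_strings = []  # STACK_GLOBAL consumes (module, name) pushed as two strings
    for opcode, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):
            recent_strings.append(arg)
        if opcode.name in DANGEROUS_OPCODES:
            found_opcodes.append(opcode.name)
        if opcode.name == "GLOBAL":            # protocol <= 3: "module name" in one arg
            module, name = arg.split(" ", 1)
            globals_referenced.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            globals_referenced.append((recent_strings[-2], recent_strings[-1]))
    return {"dangerous_opcodes": found_opcodes, "globals": globals_referenced}


class RestrictedUnpickler(pickle.Unpickler):
    """Deny-by-default loader: only allow-listed globals can be resolved."""

    def find_class(self, module, name):
        if name in ALLOWED_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the payload."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for proto in (3, 4):
        payload = build_malicious_pickle(proto)
        print(f"protocol {proto}: {scan_pickle(payload)}")
        print("  restricted loader rejects it:", is_rejected(payload))
    print("benign payload:", scan_pickle(build_benign_pickle()), safe_load(build_benign_pickle()))
```

The scan is a pre-check only: it tells you a payload imports `builtins.eval` and calls it, but it must be kept in sync with every opcode and import path the format allows, which is the class of gap the PickleScan findings above describe. The `find_class` allow-list is the actual control, because it is enforced at the moment the unpickler tries to resolve a name; anything not listed fails closed, whatever opcodes carried it there. For models, the stronger answer is still to avoid pickle altogether (for example a tensor-only format) rather than to scan it.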