Hello and welcome to the Wednesday, February 19th,

2025 edition of the Sands and then at Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Well, today we got Russ McReyback, our handler after a hiatus.

And the first diary really addresses a topic that I've covered a couple

times here. And that's, well, malicious machine learning models. When you're downloading a

machine learning model from a site like Hacking Face, well, you're typically downloading a pickle

file. The problem with pickle files is they are Python code.

So as you're instantiating the model,

you're potentially execute Python code,

which could be malicious,

which could execute operating system commands

and all kinds of evil things that attackers like to do to your system.

This could even happen if you're using the torch load command, the Pi-torch module,

torch load may also instantiate models unless you specifically only have the weights-only parameters set that will

only load weights for the model, not to complete any Python code or so that's potentially

being added to the model. Now, to help you with this task to figure out if a particular

machine learning model that you downloaded is malicious or not,

Russ introduces a tool called model scan.

Model scan does, well, what you would expect it to do based on the name.

It will scan your machine learning model and tell you if there is any suspect code in this machine-learning model.

Russ has sort of a quick run-through of that model scan tool with a benign and a malicious

...