Antivirus for AI Models: Behavioral Fingerprinting Detects What Static Analysis Misses
How do you know a model downloaded from Hugging Face hasn’t been backdoored? Static analysis tools like ModelScan check for serialization exploits and known payload patterns. They catch the obvious attacks. But a model poisoned through training data – one that behaves normally on 99.9% of inputs and activates a backdoor only on a specific trigger – passes every static check. The weights look fine. The architecture is standard. The malicious behavior is invisible until the trigger fires. ...