Eresus research, advisory, and security news

TensorFlow SavedModel Contains Unsafe Operator Execution at Model Run Time

Critical execution vulnerability identifying specifically unsafe logical operators strictly executing natively during standard TensorFlow prediction...

TensorFlow SavedModel Execution Environment Extrapolation (RCE)

A runtime execution vulnerability capitalizing on inherent structural logic within the standardized TensorFlow SavedModel infrastructure, permitting...

TorchScript Model Arbitrary Code Execution Suspected at Model Load Time

Highlights suspicious computational graph behavior evaluating directly indicative of load-time remote code execution attempts within AI infrastructure....

PyTorch Model Arbitrary Code Execution Suspected at Model Load Time

PyTorch serialized objects detected with high-risk structural manipulation pointing towards concealed runtime commands.

PyTorch Subverted Loading Mechanism Triggering ACE

Identifies hostile payloads manipulating the core PyTorch `torch.load()` functionality to bypass security parameters and execute unauthorized OS commands.

File Corruption & Ransomware via Serialization Opcodes

Catastrophic cybersecurity alert indicating an ML artifact executes destructive local operations mimicking Ransomware upon load.

Environmental Data Exfiltration Initiated via Model Execution

Critical security threat characterizing an ML serialization object stealthily extracting operational secrets and API keys to third-party endpoints.

Interactive Reverse Shell Initiated from Model Persistence

Critical vulnerability characterized by a machine learning model initiating a reverse shell connection back to an attacker's C2 server during the model...

Poisoned Model Artifact Detected with Obfuscated Shell Injection

Critical security threat identifying complex obfuscation techniques nested inside malicious serialization binaries. Uncover how Eresus identifies these...