Eresus Security
Model Security

Prove whether a model artifact is safe enough for production intake.

Eresus reviews pickle, PyTorch, ONNX, safetensors, GGUF, archive, and container artifacts from Hugging Face and private model repositories for supply-chain and runtime risk.

Best fit

This engagement creates value fastest for teams like these.

AI product and platform teams

Teams shipping LLM, RAG, MCP, agent, or model-intake workflows into internal or customer-facing environments.

Security leaders expanding into AI

Organizations that already run pentest programs and now need guardrail, prompt, and tool-abuse validation.

Teams that need explainable hardening

Groups that need policy, prompt, MCP, and runtime findings translated into concrete mitigations and release decisions.

Scope

Model artifact and archive intake
Pickle/PyTorch loading and code execution risk (see the opcode scan sketch after this list)
ONNX external data and custom operator checks
AIBOM, hash, signature, license, and provenance
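
How deep do these checks go? As an illustrative sketch only (the file name and helper are hypothetical, and the engagement tooling is broader), the pickle check statically lists the opcodes that make loading a file equivalent to running code, without ever unpickling it:

import pickletools

# Opcodes that let a pickle import modules and invoke callables during
# load -- the core code-execution primitive in pickle and .pt files.
# (PyTorch checkpoints are zip archives; scan the embedded data.pkl.)
DANGEROUS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ"}

def scan_pickle(path):
    """Statically list risky opcodes without unpickling the file."""
    with open(path, "rb") as f:
        data = f.read()
    return [(pos, op.name, arg)
            for op, arg, pos in pickletools.genops(data)
            if op.name in DANGEROUS]

for pos, name, arg in scan_pickle("model.pkl"):
    print(f"offset {pos}: {name} {arg!r}")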

Risk signals

Code execution during model loading
External data paths escaping the model directory (containment check sketched after this list)
Artifacts left mutable by missing hash pinning or signatures
Secrets in model cards, notebooks, or config
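
A minimal sketch of the containment check behind the external-data signal, assuming the referenced location comes from an ONNX tensor or a bundle manifest (the helper name and example paths are ours):

import os

def path_escapes(model_dir, location):
    """True if a referenced data 'location' resolves outside the model dir."""
    base = os.path.realpath(model_dir)
    target = os.path.realpath(os.path.join(base, location))
    return os.path.commonpath([base, target]) != base

# '../..' style locations are the classic escape.
assert path_escapes("/models/resnet", "../../home/user/.ssh/authorized_keys")
assert not path_escapes("/models/resnet", "weights/part0.bin")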

Outcomes

Model intake risk report
Sentinel rule ID and evidence output
AIBOM and supply-chain checklist
CI/CD model intake gate recommendations (sketched below)
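
To make the gate recommendation concrete, one hedged sketch of the shape it can take, assuming digests are pinned in the AIBOM or a signed manifest (the file name and digest value are placeholders):

import hashlib
import sys

# Placeholder allowlist; in practice this comes from the AIBOM or a
# signed manifest, not an inline dict.
PINNED_SHA256 = {"model.safetensors": "expected-digest-from-aibom"}

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def gate(path):
    expected = PINNED_SHA256.get(path)
    if expected is None or sha256(path) != expected:
        print(f"BLOCK: {path} is unpinned or does not match its pinned digest")
        sys.exit(1)  # fail the CI job; the artifact never reaches the registry
    print(f"PASS: {path}")

if __name__ == "__main__":
    gate(sys.argv[1])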

Model intake flow

We review model artifacts as an executable supply chain, not as passive files.

01

Problem

We identify where the model came from, how it loads, and where it will run.

02

Attack scenario

We test malicious pickle, custom operators, archive traversal, secrets, and dependency chains.
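
For archive traversal specifically, a minimal sketch of the kind of check we mean, assuming a zip-based bundle such as a PyTorch .pt checkpoint (the file name is a placeholder):

import zipfile

def traversal_members(archive_path):
    """List zip members whose names would escape the extraction directory."""
    with zipfile.ZipFile(archive_path) as zf:
        return [name for name in zf.namelist()
                if name.startswith(("/", "\\")) or ".." in name.split("/")]

# A member named '../../.bashrc' plants files outside the target on extract.
for name in traversal_members("suspect_model.pt"):
    print(f"traversal risk: {name}")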

03

Proof

Evidence is tied to file paths, hashes, opcodes, AST nodes, manifests, or model metadata.
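
Illustratively, an evidence record keyed to the artifact's digest, so a retest provably examines the same bytes (the field names and example finding are hypothetical):

import hashlib
import json

def evidence(path, detail):
    """Tie a finding to an immutable reference: file path plus digest."""
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"file": path, "sha256": digest, "detail": detail}

print(json.dumps(evidence("model/data.pkl", "REDUCE opcode at offset 214"), indent=2))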

04

Delivery

Intake criteria, quarantine, signing, and retest steps are turned into release decisions.
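
As a sketch of what the signing step can look like, assuming an Ed25519 detached signature verified with Python's cryptography package (real pipelines may use Sigstore or registry-native signing instead):

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey

def verify_artifact(public_key_bytes, signature, artifact_bytes):
    """Release only if the detached signature matches the artifact bytes."""
    key = Ed25519PublicKey.from_public_bytes(public_key_bytes)
    try:
        key.verify(signature, artifact_bytes)
        return True   # promote out of quarantine
    except InvalidSignature:
        return False  # keep quarantined; retest after re-signing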

FAQ

The questions buyers want answered early.

What AI surfaces do you test?
We test prompts, agents, RAG flows, MCP servers, tool use, model intake, and policy boundaries around real user workflows.

Is this just prompt injection testing?
No. Prompt injection is one layer. We also validate identity, tool permissions, data leakage, model artifacts, and cross-system abuse paths.

Do you translate findings into engineering actions?
Yes. We map each issue to guardrail changes, prompt updates, identity boundaries, tool scopes, or rollout decisions.

We tie risk to business impact.

Findings do not stop at severity labels. We explain which customer workflow, data class, or operational objective is affected.

Deliverables work for engineers and executives.

Engineering teams get reproducible proof and remediation direction; leadership gets the risk narrative, priority, and closure status.

Next step

Let’s scope this work against the surface that matters most.

Whether the engagement begins as a pilot, a single application, a critical API, an AI agent flow, or a wider program, we start from the highest-impact surface.