The hidden dangers of loading open-source AI models (ARBITRARY CODE EXPLOIT!)
#huggingface #pickle #exploit
Did you know that something as simple as loading a model can execute arbitrary code on your machine?
Try the model: https://huggingface.co/ykilcher/totally-harmless-model
Get the code: https://github.com/yk/patch-torch-save
Sponsor: Weights & Biases
Go here: https://wandb.me/yannic
OUTLINE:
0:00 - Introduction
1:10 - Sponsor: Weights & Biases
3:20 - How Hugging Face models are loaded
5:30 - From PyTorch to pickle
7:10 - Understanding how pickle saves data
13:00 - Executing arbitrary code
15:05 - The final code
17:25 - How can you protect yourself?
Links:
Homepage: https://ykilcher.com
Merch: https://ykilcher.com/merch
YouTube: https://www.youtube.com/c/yannickilcher
Twitter: https://twitter.com/ykilcher
Discord: https://ykilcher.com/discord
LinkedIn: https://www.linkedin.com/in/ykilcher
If you want to support me, the best thing to do is to share out the content :)
If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this):
SubscribeStar: https://www.subscribestar.com/yannickilcher
Patreon: https://www.patreon.com/yannickilcher
Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq
Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2
Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m
Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n
Other Videos By Yannic Kilcher:
2022-11-13 [ML News] Multiplayer Stable Diffusion | OpenAI needs more funding | Text-to-Video models incoming
2022-11-09 The New AI Model Licenses have a Legal Loophole (OpenRAIL-M of BLOOM, Stable Diffusion, etc.)
2022-11-04 ROME: Locating and Editing Factual Associations in GPT (Paper Explained & Author Interview)
2022-11-01 Is Stability turning into OpenAI?
2022-10-21 Neural Networks are Decision Trees (w/ Alexander Mattick)
2022-10-07 This is a game changer! (AlphaTensor by DeepMind explained)
2022-10-02 [ML News] OpenAI's Whisper | Meta Reads Brain Waves | AI Wins Art Fair, Annoys Humans
2022-09-18 [ML News] Stable Diffusion Takes Over! (Open Source AI Art)
2022-09-17 How to make your CPU as fast as a GPU - Advances in Sparsity w/ Nir Shavit
2022-09-13 More Is Different for AI - Scaling Up, Emergence, and Paperclip Maximizers (w/ Jacob Steinhardt)
2022-09-02 The hidden dangers of loading open-source AI models (ARBITRARY CODE EXPLOIT!)
2022-08-26 The Future of AI is Self-Organizing and Self-Assembling (w/ Prof. Sebastian Risi)
2022-08-13 The Man behind Stable Diffusion
2022-08-10 [ML News] AI models that write code (Copilot, CodeWhisperer, Pangu-Coder, etc.)
2022-08-07 [ML News] Text-to-Image models are taking over! (Imagen, DALL-E 2, Midjourney, CogView 2 & more)
2022-07-31 [ML News] This AI completes Wikipedia! Meta AI Sphere | Google Minerva | GPT-3 writes a paper
2022-07-27 [ML News] BLOOM: 176B Open-Source | Chinese Brain-Scale Computer | Meta AI: No Language Left Behind
2022-07-06 JEPA - A Path Towards Autonomous Machine Intelligence (Paper Explained)
2022-07-02 ARC Challenge Live Coding
2022-06-26 Video PreTraining (VPT): Learning to Act by Watching Unlabeled Online Videos (Paper Explained)
2022-06-23 Parti - Scaling Autoregressive Models for Content-Rich Text-to-Image Generation (Paper Explained)
Tags: deep learning, machine learning, arxiv, explained, neural networks, ai, artificial intelligence, paper, wandb, huggingface, hugging face, is hugging face dangerous, is ai dangerous, ai exploit, pickle exploit, pytorch exploit, is hugging face safe, reduce, python pickle, python pickletools, python pickle exploit, pytorch pickle exploit, ai model backdoor, arbitrary code execution, pickle code injection, pytorch danger, pytorch load danger, is pytorch safe, is pytorch dangerous