stabilityai / stable-diffusion-xl-base-1.0
Last scanned: Nov 12, 2024 at 1:58 PM UTC
Suspicious
Deserialization Threats

Backdoor Threats

| Code | Description | Results | Link |
|---|---|---|---|
| PAIT-ONNX-200 | ONNX Model Contains Architectural Backdoor | Suspicious | Learn more |

Runtime Threats
ONNX is a versatile format for machine learning models. It stores a model as a graph whose nodes are predefined ONNX operators that perform operations on the data flowing through the model. ONNX is framework-agnostic: models built with most commonly used ML libraries can be converted to ONNX for ease of use and standardization. Because the architecture itself is expressed as an operator graph, ONNX models can carry architectural backdoors.
If a model reportedly has this issue, it means that:
The model's architecture can contain a backdoor, specifically a parallel path through the graph that data can flow along. For most inputs the model behaves as expected, but for certain inputs, i.e. inputs containing a trigger, the backdoor path activates and effectively modifies the model's behaviour.
A model with a backdoor can cause serious damage, especially if it is exposed to clients via an API. Imagine a bank that uses a model to read cheques and deposit money. If the model is compromised with a backdoor, an attacker can manipulate the amount added to an account.
In the case of an architectural backdoor, visualizing the model with open-source tooling such as Netron can also help identify the backdoor path in the graph.
If that is not possible, reach out to the model creator and alert them that the model has failed our scan. You can also link to the specific page on our Insights Database to provide our most up-to-date findings.
The model provider should also report what they did to correct this issue as part of their release notes.