Publish Poisoned Models

Type: technique

Description: Adversaries may publish a poisoned model to a public location such as a model registry or code repository. The poisoned model may be a novel model or a poisoned variant of an existing open-source model. This model may be introduced to a victim system via ML supply chain compromise.

Version: 0.1.0

Created At: 2025-06-19 08:13:23 -0400

Last Modified At: 2025-06-19 08:13:23 -0400
External References

  • Resource Development (tactic): Releasing maliciously altered machine learning models to disrupt downstream use or compromise systems.