According to BadNets, pretrained models can be poisoned. One way to partially mitigate this is to provide a hash for the downloaded files. It's also just good security practice, especially considering that PyTorch serializes models with Pickle by default, which can execute arbitrary code. Just hoping to make the ML community a bit more secure :)
According to BadNets, pretrained models can be poisoned. One way to partially mitigate this is to provide a hash for the downloaded files. It's also just good security practice, especially considering that PyTorch serializes models with Pickle by default, which can execute arbitrary code. Just hoping to make the ML community a bit more secure :)