Tag
pickle-deserialization
Safeguard articles tagged "pickle-deserialization" — guides, analysis, and best practices for software supply chain and application security.
2 articles
AI Security
Securing LLM and Model Supply Chains
JFrog found roughly 100 malicious model files on Hugging Face in 2024 alone — model weights are now a build-pipeline attack surface, and most teams have no SBOM for them.
Jul 8, 20266 min read
Regulatory Compliance
Analysis of pickle file deserialization vulnerabilities i...
CVE-2025-32434 shows PyTorch's "safe" weights_only loading could still be bypassed for code execution — a pickle deserialization vulnerability with real supply-chain consequences.
Dec 15, 20258 min read