ATLASAML.T0018.002
ATLAS index
AML.T0018.002
Embed Malware
Adversaries may embed malicious code into AI Model files. AI models may be packaged as a combination of instructions and weights. Some formats such as pickle files are unsafe to deserialize because they can contain unsafe calls such as exec. Models with embedded malware may still operate as expected. It may allow them
- Framework
- MITRE ATLAS
- Maturity
- Realized
- Platforms
- Predictive AI, Generative AI, Agentic AI
- Release
- 2026.05
Overview
Adversaries may embed malicious code into AI Model files. AI models may be packaged as a combination of instructions and weights. Some formats such as pickle files are unsafe to deserialize because they can contain unsafe calls such as exec. Models with embedded malware may still operate as expected. It may allow them to achieve Execution, Command & Control, or Exfiltrate Data.