🤖 AI Summary
AIsbom has been introduced as an open-source command-line interface (CLI) tool designed to improve security and compliance for Machine Learning artifacts, in particular the risk of "Pickle Bombs" in PyTorch models. Unlike conventional Software Bill of Materials (SBOM) tools that only analyze requirements files, AIsbom uses Deep Binary Introspection to examine model files such as .pt and .safetensors, identifying potential malware and license violations buried within the serialized weights. After installing it from PyPI, users can scan their ML projects and get a risk assessment displayed directly in their terminal.
This development matters for the AI/ML community because it fills a gap in the security landscape for ML models: a pickle-based model file is not just data but a program that runs when it is loaded, so a malicious file can compromise the machine that deserializes it. AIsbom detects arbitrary code execution by disassembling the Python Pickle opcodes in a model file and flagging the instructions that can import or call code, which is how remote code execution through a model is achieved. It also flags restrictive licenses recorded in model headers that could cause legal complications in commercial deployments. The tool can be integrated into CI/CD pipelines to enforce safe model handling and license compliance, making it useful for developers who need to keep AI deployments both secure and legal.