T13-AT-008
Model Conversion Exploits
T13 · AI Supply Chain & Artifact Trust
Risk score: 220
Rating: High
Procedures: 10
Severity: HIGH
Mechanism
Model conversion transforms models between frameworks and deployment targets: PyTorch → ONNX → TensorRT for GPU inference, PyTorch → CoreML for iOS, TensorFlow → TFLite for mobile. Each step rewrites the graph, maps operators onto the target's operator set, and re-encodes (and often quantizes) the weights, and each of those transformations is an opportunity for an attacker. Three points are exposed. The converter itself parses attacker-controllable model files, so a malicious input model can target bugs in the conversion tool. Custom or plugin operators carried through the conversion are native code that the target runtime loads and executes. And semantic drift between the source and the converted model, including quantization-masked backdoors that lie dormant in the fp32 model and only activate in the quantized artifact, means the model that was audited is not the model that ships. Conversion tools are large codebases with a correspondingly large attack surface: ONNX Runtime alone registers thousands of operator kernel implementations across opset versions, data types and execution providers.
Detection
- Pre/post-conversion behavioral testing: run the same safety benchmarks against the source model and every converted artifact and diff the per-input results, not just the aggregate scores
- Numerical equivalence testing: compare logits or outputs across formats on a fixed input set and flag both statistical divergence and any decision flips
- Conversion tool integrity verification: pin converter versions, hash the tool binaries and their dependencies, and record which tool and version produced each artifact
- Custom operator auditing: flag and review any custom operators (non-standard ONNX domains, TensorRT plugins) in converted models before they are deployed
Mitigation
- Behavioral equivalence testing across formats (effectiveness: HIGH)
- Conversion in trusted, audited environments (effectiveness: MEDIUM)
- Custom operator restrictions in deployment (effectiveness: MEDIUM)
- Quantization-aware safety testing (effectiveness: MEDIUM)
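The two detection items above (behavioral and numerical equivalence testing) and the two mitigations they back (behavioral equivalence testing across formats, quantization-aware safety testing) are illustrated by the following added example. It is not code from the original page and not a real converter: the model is a constructed 4-feature linear classifier, the "conversion" is a symmetric per-tensor int8 post-training quantization written out by hand, and the weights, bias and inputs are constructed (an assumption, not real data) so that the fp32 source classifies a trigger input as benign while the int8 artifact classifies it as malicious. It shows why a numerical divergence check on a clean test set is not enough on its own.

```python
"""Numerical equivalence and quantization-aware safety check for a converted model.

Added example; not code from the original page and not a real converter. The
model, the int8 quantization pass and all inputs are constructed so the check
runs offline with the standard library only.
"""
from typing import Dict, List, Sequence, Tuple

Model = Tuple[Sequence[float], float]  # (weights, bias); logit = w . x + b

# Constructed fp32 source model: "malicious" when logit > 0.
# The last weight is the planted, quantization-masked backdoor: with this
# tensor's int8 scale of 0.01, 0.006 rounds UP to 0.01, so an input carrying a
# large value in feature 3 gains extra logit only after conversion.
FP32_MODEL: Model = ([1.27, -0.50, 0.30, 0.006], -1.10)

# Constructed evaluation data. The clean set is what a typical equivalence
# test uses; the trigger set carries the attacker's pattern in feature 3.
CLEAN_SET: List[List[float]] = [
    [0.5, 1.0, 1.0, 0.0],  # benign
    [1.0, 0.2, 0.5, 0.0],  # malicious
    [0.9, 0.0, 0.0, 0.0],  # malicious, near the decision boundary
    [0.0, 1.0, 1.0, 1.0],  # benign, small feature-3 value
]
TRIGGER_SET: List[List[float]] = [
    [0.5, 1.0, 1.0, 100.0],  # CLEAN_SET[0] plus the trigger
]


def quantize_int8(weights: Sequence[float]) -> Tuple[List[int], float]:
    """Symmetric per-tensor int8 PTQ: scale = max|w| / 127, q = round(w / scale)."""
    scale = max(abs(w) for w in weights) / 127.0
    q = [max(-128, min(127, round(w / scale))) for w in weights]
    return q, scale


def convert_to_int8(model: Model) -> Model:
    """Stand-in for a converter's quantization pass. Returns the model as the
    int8 runtime evaluates it: dequantized weights, bias kept in float (a
    simplification of real int8 pipelines, which carry the bias as int32)."""
    weights, bias = model
    q, scale = quantize_int8(weights)
    return [qi * scale for qi in q], bias


def logit(model: Model, x: Sequence[float]) -> float:
    weights, bias = model
    return sum(w * xi for w, xi in zip(weights, x)) + bias


def predict(model: Model, x: Sequence[float]) -> str:
    return "malicious" if logit(model, x) > 0 else "benign"


def equivalence_report(inputs: Sequence[Sequence[float]], source: Model,
                       converted: Model) -> Tuple[float, List[int]]:
    """Numerical equivalence test: max |logit_source - logit_converted| over the
    inputs, plus the indices of inputs whose decision changed after conversion
    (the behavioral part of the test)."""
    max_diff = 0.0
    flips: List[int] = []
    for i, x in enumerate(inputs):
        ls, lc = logit(source, x), logit(converted, x)
        max_diff = max(max_diff, abs(ls - lc))
        if (ls > 0) != (lc > 0):
            flips.append(i)
    return max_diff, flips


def run_conversion_check(tolerance: float = 1e-2) -> Dict[str, object]:
    """Run the numerical test on the clean set (what a naive pipeline does) and
    the behavioral test on the trigger set (what quantization-aware safety
    testing adds)."""
    int8_model = convert_to_int8(FP32_MODEL)
    clean_diff, clean_flips = equivalence_report(CLEAN_SET, FP32_MODEL, int8_model)
    trig_diff, trig_flips = equivalence_report(TRIGGER_SET, FP32_MODEL, int8_model)
    return {
        "clean_max_logit_diff": clean_diff,
        "clean_passes_tolerance": clean_diff <= tolerance,
        "clean_decision_flips": clean_flips,
        "trigger_max_logit_diff": trig_diff,
        "trigger_decision_flips": trig_flips,
        "trigger_fp32": predict(FP32_MODEL, TRIGGER_SET[0]),
        "trigger_int8": predict(int8_model, TRIGGER_SET[0]),
    }


if __name__ == "__main__":
    for key, value in run_conversion_check().items():
        print(f"{key}: {value}")
```

On the clean set the converted model stays within a 1e-2 logit tolerance and flips no decisions, so a pipeline that only diffs outputs on its regular test data would sign off on the artifact. The trigger input, which the fp32 model classifies as benign, is classified as malicious by the int8 artifact with a 0.4 logit shift. The practical consequence is the one the mitigations list above states: equivalence testing has to run on the safety benchmark and on trigger-style inputs, against the artifact that is actually deployed, not only on the source model or a clean held-out set.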
Chaining
Model conversion chains from T13-AT-001 (Model Repository Poisoning) and T13-AT-007 (Transfer Learning Attacks): a poisoned or trojaned upstream model passes through conversion as a routine step of the deployment pipeline. Quantization-masked backdoors (T13-AP-008B) chain to T6-AT-003 (Backdoor Insertion) by letting the backdoor persist through, and activate in, the quantized artifact that the pipeline ships.