T6-AT-008 (HIGH)
Model Update Hijacking
T6 · Training & Feedback Poisoning
Risk score: 245
Rating: High
Procedures: 10
Severity
Mechanism
Model update hijacking targets the *deployment pipeline* rather than the training pipeline. g., TIES, DARE, SLERP), and LoRA adapter composition. Each of these processes involves combining or replacing model weights — operations that can be subverted to inject adversarial modifications.
Detection
- Model checkpoint integrity verification with cryptographic attestation (hardware-rooted signing)
- Federated learning contribution analysis: statistical profiling of per-participant gradient updates
- Model behavior regression testing before every deployment update
- Weight-space anomaly detection: compare model weights against expected trajectories
Mitigation
- Hardware-rooted model signing and attestation (HIGH)
- Byzantine-tolerant federated aggregation (Krum, trimmed mean) (MEDIUM)
- Model behavior regression testing on every update (HIGH)
- Secure multi-party computation for gradient aggregation (HIGH)
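The Byzantine-tolerant aggregation rules named in the mitigation list (and the per-participant update profiling named under Detection) can be shown on toy data. The following is an added example written for this page, not code from the taxonomy or from any federated-learning framework: it implements coordinate-wise trimmed mean and Krum (the selection rule of Blanchard et al., NeurIPS 2017) in plain Python and runs them over constructed two-dimensional "gradient" vectors in which one of five participants submits a poisoned update. The participant vectors, the trim count and the Byzantine bound `f` are assumptions chosen for illustration.

```python
"""Byzantine-tolerant aggregation of federated-learning updates (added example).

Plain averaging lets a single poisoned contribution drag the aggregate
arbitrarily far; trimmed mean and Krum bound that influence.
"""
from typing import List

Vector = List[float]


def plain_mean(updates: List[Vector]) -> Vector:
    """Unprotected federated averaging: every participant has equal pull."""
    n = len(updates)
    return [sum(u[j] for u in updates) / n for j in range(len(updates[0]))]


def trimmed_mean(updates: List[Vector], trim: int) -> Vector:
    """Per coordinate, discard the `trim` smallest and `trim` largest values, then average.

    Tolerates up to `trim` Byzantine participants per coordinate.
    """
    n = len(updates)
    if n <= 2 * trim:
        raise ValueError("need more than 2*trim updates to trim %d from each side" % trim)
    out = []
    for j in range(len(updates[0])):
        column = sorted(u[j] for u in updates)
        kept = column[trim:n - trim]
        out.append(sum(kept) / len(kept))
    return out


def squared_distance(a: Vector, b: Vector) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


def krum_scores(updates: List[Vector], f: int) -> List[float]:
    """Krum score per update: sum of squared distances to its n - f - 2 nearest peers.

    An outlier update is far from every honest one, so its score is large;
    these scores double as the per-participant profile used for detection.
    """
    n = len(updates)
    m = n - f - 2
    if m < 1:
        raise ValueError("Krum requires n > f + 2 participants")
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(squared_distance(u, v) for k, v in enumerate(updates) if k != i)
        scores.append(sum(dists[:m]))
    return scores


def krum(updates: List[Vector], f: int) -> int:
    """Return the index of the update Krum selects as the aggregate."""
    scores = krum_scores(updates, f)
    return min(range(len(updates)), key=scores.__getitem__)


# Constructed sample input (assumption): four honest participants whose updates
# cluster around [1.0, -0.5], plus one poisoned update pushed far off-cluster.
HONEST = [[1.0, -0.5], [1.1, -0.4], [0.9, -0.6], [1.0, -0.5]]
POISONED = [50.0, 50.0]
UPDATES = HONEST + [POISONED]
POISONED_INDEX = len(UPDATES) - 1


def demo() -> dict:
    """Aggregate the constructed round three ways and report which participant Krum trusts."""
    return {
        "plain_mean": plain_mean(UPDATES),          # dragged to ~[10.8, 9.6]
        "trimmed_mean": trimmed_mean(UPDATES, 1),   # stays near the honest cluster
        "krum_choice": krum(UPDATES, 1),            # an honest participant, never index 4
        "krum_scores": krum_scores(UPDATES, 1),     # poisoned update scores highest by far
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The plain mean lands at roughly `[10.8, 9.6]`, nowhere near any honest participant; the trimmed mean stays at about `[1.03, -0.47]`, and Krum picks one of the honest indices while assigning the poisoned update a score thousands of times larger than the rest, which is exactly the per-participant statistic a contribution-analysis detector would alert on.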
Chaining
Model update hijacking chains to T13 (Supply Chain Attacks) as the primary delivery mechanism for compromised models. Federated learning poisoning (T6-AP-008B) chains to T6-AT-003 (Backdoor Insertion) as an alternative insertion vector.