Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Detecting AI Pickling

Login to download
Detecting AI Pickling (PDF, 0.99MB)Published: 12 Mar, 2026
Created by:
Bryan Nice

This study examines whether static analysis is a dependable "certification gate" for ingesting third-party, pickle-based AI model artifacts from open-source model hubs into a trusted internal registry. Pickle-derived formats can execute attacker-controlled logic during deserialization. Organizations need pre-execution scanning methods requiring no model instantiation.

This study constructed a controlled collection of baseline and poisoned artifacts across three common serialization pathways and injected logic using multiple high-risk opcode families. Then benchmarked four static inspection approaches, one on opcode disassembly (pickletools), another on decompilation/static analysis (Fickling), and two model-focused scanners (ModelScan, PickleScan).

Results show pre-execution screening can detect injected logic in this collection, yet each tool's behavior diverges in operationally significant ways. Some tools over-flag benign models, while others exhibit format-dependent blind spots for poisoned artifacts to pass. These findings indicate that a single tool to enforce pass/fail policies is brittle for enterprise certification, given the continuously evolving evasion techniques.

Additional Resources

Asset-Aware Network Monitoring

WhitepaperIndustrial Control Systems Security
  • 26 Mar 2026

When the Security Scanner Became the Weapon: TeamPCP Supply Chain TTP Report

WhitepaperCloud Security
  • 25 Mar 2026
  • Kenneth G. Hartman, Eric Johnson

Implementing Micro-Segmentation in a Legacy Enterprise Lab Network: A Zero Trust Approach to Reducing Lateral Movement, Improving Containment, and Controlling Operational Overhead

WhitepaperDigital Forensics and Incident Response
  • 24 Mar 2026

Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints

WhitepaperArtificial Intelligence
  • 20 Mar 2026

Open-Source National Security Infrastructure for Sweden’s National Security Apparatus

WhitepaperCyber Defense
  • 18 Mar 2026

AI-Human Collaboration in Modern SOCs

WhitepaperArtificial Intelligence
  • 17 Mar 2026
  • Mathias Fuchs

Related Courses

  • Slide 1 of 10

    AIS247: AI Security Essentials for Business Leaders

    Essentials
    AIS247Cybersecurity Leadership
    LDR414: SANS Training Program for CISSP® Certification
    • 2 CPEs / 2 Hours (Self-Paced)

    View course detailsRegister
  • Slide 2 of 10

    SEC535: Offensive AI - Attack Tools and Techniques

    NEW
    AI-FOCUSED
    Intermediate
    SEC535Offensive Operations, Artificial Intelligence
    SEC535: Offensive AI - Attack Tools and Techniques
    • GIAC Offensive AI Analyst (GOAA)
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 14 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 10

    SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

    AI-FOCUSED
    Advanced
    SEC595Cyber Defense, Artificial Intelligence
    SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
    • GIAC Machine Learning Engineer (GMLE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 30 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 10

    SEC573: AI-Powered Security Automation: Building Tools with Python, LLMs, and MCP

    MAJOR UPDATES
    AI-FOCUSED
    Advanced
    SEC573Cyber Defense, Artificial Intelligence
    SEC573: Automating Information Security with Python
    • GIAC Python Coder (GPYC)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 128 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 10

    SEC545S: (3 Day) GenAI and LLM Application Security

    AI-FOCUSED
    Advanced
    SEC545SCloud Security, Artificial Intelligence
    SEC545: GenAI and LLM Application Security
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 11 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 10

    SEC411: AI Security Principles and Practices: GenAI and LLM Defense

    NEW
    AI-FOCUSED
    Intermediate
    SEC411Cyber Defense, Artificial Intelligence
    SEC411
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 5 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 10

    SEC545: (5-Day) GenAI and LLM Application Security

    NEW
    AI-FOCUSED
    Advanced
    SEC545Cloud Security, Artificial Intelligence
    SEC545: GenAI and LLM Application Security
    • GIAC AI Platform Security (GAIPS)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 10

    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG

    AI-FOCUSED
    Essentials
    SEC495Cyber Defense, Artificial Intelligence
    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG
    • 7 CPEs / 7 Hours (Self-Paced)

    View course detailsRegister
  • Slide 9 of 10

    FOR563: Applied AI for Digital Forensics and Incident Response: Leveraging Local Large Language Models

    NEW
    AI-FOCUSED
    Intermediate
    FOR563Digital Forensics and Incident Response, Artificial Intelligence
    FOR509: Enterprise Cloud Forensics and Incident Response
    • 1 Day (Instructor-Led)
    • 6 CPEs / 6 Hours (Self-Paced)
    • Labs: 4 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 10

    SEC598: AI and Security Automation for Red, Blue, and Purple Teams

    AI-FOCUSED
    Intermediate
    SEC598Offensive Operations, Artificial Intelligence
    SEC598: AI and Security Automation for Red, Blue, and Purple Teams
    • GIAC AI Security Automation Engineer (GASAE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister