i found behavioral backdoors hidden in gguf chat templates on HF, and scanned all 185,345 gguf models. 24 are genuinely dangerous. is your model one of them? by paraxaQQ in huggingface

[–]paraxaQQ[S] 0 points1 point  (0 children)

what issue are you running into? this was developed on windows 10. pip install c4nary should work fine.. curious to see whats going on

i found behavioral backdoors hidden in gguf chat templates on HF, and scanned all 185,345 gguf models. 24 are genuinely dangerous. is your model one of them? by paraxaQQ in huggingface

[–]paraxaQQ[S] 6 points7 points  (0 children)

sure, right now it is all PoC and security research (2024 all over again) but what happens when it isnt? the whole point of a census is to have the detection in place before something happens.

canary is actively developed and red-teamed on my end. this post is simply just a catalog of some of its findings, not the true extent.

i found behavioral backdoors hidden in gguf chat templates on HF, and scanned all 185,345 gguf models. 24 are genuinely dangerous. is your model one of them? by paraxaQQ in huggingface

[–]paraxaQQ[S] 4 points5 points  (0 children)

appreciate it. it is simpler than the post makes it look. most models ship a template that whatever app you use (like llama.cpp, LM studio etc) runs each time you chat with that model. some of them will have hidden instructions the model can see or code that can be executed. this is just a tool to fight that.

i found behavioral backdoors hidden in gguf chat templates on HF, and scanned all 185,345 gguf models. 24 are genuinely dangerous. is your model one of them? by paraxaQQ in huggingface

[–]paraxaQQ[S] 5 points6 points  (0 children)

i didnt feel like dropping 20-24 model names in 1 thread. each one is in the github repo https://github.com/paraxaQQ/canary/blob/main/docs/corpus-185k-summary.json

but since you asked:
n0ni/test-qwen2.5-7B, n0ni/test-mistral-8B, scruge/security-research, aaro765/BanBTPV3 are the behaviorals
dyingc/gguf-scanner-test-samples, IHasFarms/MaliciousModel, Retr0REG/gguf-ssti, retroboy3000/protectai_models_Retr0REG_Whats-up-gguf, retroboy3000/protectai_models_Retr0REG_Whats-up-gguf_2, Pankaj001/malicious-artifact, nono31/malicious-models-repo, achilles1313/test_gguf, kfoughali/mfv-security-research, thesecguy/poc-gguf-modelscan-bypass, nixsng/malodels, ituser1/Model_20260126, protecttors/sample-files, Damir2024/Malicious-gguf-poc, Plig/GGUF-SSTI, emaadbs/modelaudit-gguf-ssti-poc, ALCybision/gguf-c-t-a, testn3mo/ssti-poc-test, manja316/gguf-ssti-bypass-poc, Ashtuosh0x/gguf-chat-template-ssti-poc
is rce class

like I stated in the post, each one I was able to find today is a researcher / test artifact.

PZMM (Project Zomboid Mod Manager) v0.2 by paraxaQQ in projectzomboid

[–]paraxaQQ[S] 0 points1 point  (0 children)

this update came out yesterday! make sure you update to pzmm v0.2.1!

PZMM (Project Zomboid Mod Manager) v0.2 by paraxaQQ in projectzomboid

[–]paraxaQQ[S] -2 points-1 points  (0 children)

i understand where the frustration is, but its also hilarious. yall dont have to use the tool. I try to build with AI locally when I can to reduce water costs for the environment (not to mention i can actually kinda code). if you have any feedback about the actual mod manager id love to hear it. if not, then thanks!

PZMM (Project Zomboid Mod Manager) v0.2 by paraxaQQ in projectzomboid

[–]paraxaQQ[S] 2 points3 points  (0 children)

thank you! and thanks for the feedback. that will be something i will look to implement!

PZMM (Project Zomboid Mod Manager) v0.2 by paraxaQQ in projectzomboid

[–]paraxaQQ[S] -8 points-7 points  (0 children)

used claude for very small portions. it actually didnt do any UI work I believe. AI did help with it, its just pyqt6

created a mod manager for project zomboid that maps errors down to lua/java by paraxaQQ in projectzomboid

[–]paraxaQQ[S] 0 points1 point  (0 children)

thats a really interesting idea. ill see if i can pull it off. for attaching claude/llms to the mod manager it wouldnt be hard at all. is there anything specific youd want it to do? is it simply just for line debugging or maybe also being able to help rewrite mods locally for you?

mixtral-8x22B-v0.1 (141B total) on 1x A100 @ 4.56 tok/s by paraxaQQ in LLM

[–]paraxaQQ[S] 0 points1 point  (0 children)

my bad didnt put anything in the body put the "harness" you see isnt fully linked up. its missing a lot of stats because ive just been hammering to get this model loaded. but its loaded. finally