SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models

SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models | Signal Canvas | ScienceToStartup

Page Freshness

Signal Canvas proof surface

Canonical route: /signal-canvas/safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models

degraded

Proof freshness: stale
Proof status: failed
Display score: 8/10
Last proof check: 2026-03-17
Score updated: 2026-04-02
Score fresh until: 2026-05-02
References: 0
Source count: 0
Coverage: 33%

This page has proof data, but the latest verification did not complete cleanly.

Agent Handoff

Canonical ID safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models | Route /signal-canvas/safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models

REST example

curl https://sciencetostartup.com/api/v1/agent-handoff/signal-canvas/safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models

MCP example

{
  "tool": "search_signal_canvas",
  "arguments": {
    "mode": "paper",
    "paper_ref": "safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models",
    "query_text": "Summarize SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models"
  }
}

source_context

{
  "surface": "signal_canvas",
  "mode": "paper",
  "query": "SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models",
  "normalized_query": "2602.19818",
  "route": "/signal-canvas/safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models",
  "paper_ref": "safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models",
  "topic_slug": null,
  "benchmark_ref": null,
  "dataset_ref": null
}

Evidence Receipt

Route status: degraded

Claims: 8

References: Pending verification

Proof: Verification pending

Freshness state: stale

Source paper: SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models

PDF: https://arxiv.org/pdf/2602.19818v1

Source count: Pending verification

Coverage: 33%

Last proof check: 2026-03-17T19:46:04.153Z

Signal Canvas receipt window

Watch and verify: SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models

/buildability/safepickle-robust-and-generic-ml-detection-of-malicious-pickle-based-ml-models

Watchwatch

Subject: SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models

Verdict

Watch

Verdict is Watch because viability or proof quality is intermediate and should be re-evaluated before execution.

Preparing verified analysis

GitHub Code Pulse

No public code linked for this paper yet.

Claim map

Strong 8Mixed 0Weak 0

Evidencepartial
Our method achieves 90.01% F1-score compared with 7.23%-62.75% achieved by the SOTA scanners (Modelscan, Fickling, ClamAV, VirusTotal) on our dataset.
Implicationpartial
Explicit numeric comparison stated in abstract with clear performance metrics
Verificationpartial
partial
Evidencepartial
on the PickleBall data (OOD), it achieves 81.22% F1-score compared with 76.09% achieved by the PickleBall method, while remaining fully library-agnostic.
Implicationpartial
Direct numeric comparison with competing method on OOD dataset stated in abstract
Verificationpartial
partial
Evidencepartial
we show that our method is the only one to correctly parse and classify 9/9 evasive Hide-and-Seek malicious models specially crafted to evade scanners.
Implicationpartial
Explicit statement of perfect detection rate on challenging evasion dataset
Verificationpartial
partial
Evidencepartial
Our approach statically extracts structural and semantic features from Pickle bytecode and applies supervised and unsupervised models to classify files as benign or malicious.
Implicationpartial
Core methodology clearly described in abstract and analysis section
Verificationpartial
partial
Evidencepartial
Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires complex system setups and verified benign models, which limits scalability and generalization.
Implicationpartial
Direct comparison with limitations of previous work stated in abstract
Verificationpartial
partial
Evidencepartial
There could be limitations in handling new types of novel attacks that are not covered in the existing datasets
Implicationpartial
Explicitly stated as a caveat in the analysis section
Verificationpartial
partial
Evidencepartial
false positives could potentially disrupt legitimate workflows if the system isn't tuned properly.
Implicationpartial
Explicitly stated as a caveat in the analysis section
Verificationpartial
partial
Evidencepartial
This demonstrates that data-driven detection can effectively and generically mitigate Pickle-based model file attacks.
Implicationpartial
Conclusion explicitly stated in abstract based on presented results
Verificationpartial
partial

Author intelligence and commercialization panels stay hidden until the proof receipt is verified, cites at least 3 references, includes at least 2 sources, and clears 50% coverage. The paper narrative and citation surfaces remain public while verification is pending.

SafePickle: Robust and Generic ML Detection of Malicious Pickle-based ML Models

Use Signal Canvas as the narrative proof surface

Use this Signal Canvas via API or MCP

Signal Canvas proof surface