Insecure Model examples from ModelScan's guide: [https://github.com/protectai/modelscan/blob/main/notebooks/README.md](https://github.com/protectai/modelscan/blob/main/notebooks/README.md)

If pikle shows `posix.system`, this means during deserialization, system code will be executed, in this example, it's `cat ~/.aws/secrets`

The malicious Architectural Model (backdoor.onnx) is from this repo: [https://huggingface.co/retroboy3000/protectai_neural_backdoor/tree/main](https://huggingface.co/retroboy3000/protectai_neural_backdoor/tree/main)