## **PoC:** Detailed [here](https://hiddenlayer.com/research/shadowlogic/) [enwckns](https://twitter.com/enwckns) , [Tom Bonner](https://x.com/thomas_bonner) , Kasimir Schulz > One of the most alarming consequences is that these backdoors are format-agnostic. ## **Details**:  Using this technique, an adversary can implant codeless, surreptitious backdoors in models of any modality by manipulating a model’s ‘graph’ – the computational graph representation of the model’s architecture. Backdoors created using this technique will persist through fine-tuning, meaning foundation models can be hijacked to trigger attacker-defined behavior in any downstream application when a trigger input is received, making this attack technique a high-impact AI supply chain risk. [blog](https://hiddenlayer.com/research/shadowlogic/) [video](https://hiddenlayer.com/wp-content/uploads/backdoor_demo.mp4) ID: AML.T0010.003