Quickstart

To start scanning the model files, simply install palisade package and start running the scans

pip install palisade

Run your first scan

# Scan a single file
palisade scan model.safetensors

# Scan a directory recursively
palisade scan ./huggingface_cache --recursive

See It In Action

The "Clean" Scan

Palisade validates metadata, tensors, and genealogy in seconds.

$ palisade scan test_models/performance/tiny/model.safetensors
✓ Using built-in default policy
 Scanning: test_models/performance/tiny/model.safetensors
   Size: 2098.20 MB
   Policy: Default security policy

2025-12-08 11:25:47,537 - INFO - Pattern compilation success rate: 100.0% (66/66)
Using streaming validation ...
🔍 Running security validators...
✅ Metadata - Clean (0.28s)
✅ ModelGenealogy - Clean (0.24s)
✅ Provenance - Clean (0.25s)
✅ BufferOverflow - Clean (13.34s)
✅ Tokenizer - Clean (0.00s)
✅ DecompressionBomb - Clean (0.00s)
✅ Model - Clean (16.73s)
✅ SupplyChain - Clean (16.55s)
✅ Behavior - Clean (8.75s)
✅ ToolCall - Clean (14.86s)
✅ Backdoor - Clean (10.40s)
✅ LoRAAdapter - Clean (1.09s)
✅ Safetensors - Clean (16.25s)
📊 Validation complete - No issues found (62.5 MB/s)
2025-12-08 11:26:21,110 - INFO - Applying policy evaluation (environment: default)
2025-12-08 11:26:21,110 - INFO - Policy evaluation complete - Overall effect: allow

╭──────────────────────────── 📄 Palisade Security Scan ─────────────────────────╮
│ model.safetensors                                                              │
│ test_models/performance/tiny/model.safetensors                                 │
╰────────────────────────────────────────────────────────────────────────────────╯

✅ CLEAN: model.safetensors

 Scan Time             33.58s  
 Validators            13      
 Memory Used           35.1 MB 
 Warnings              0       

✅ No security threats detected

╭───────────────────────────── 🛡️ Policy Decision ────────────────────────────────╮
│ ✅ ALLOWED                                                                      │
│                                                                                 │
│ Environment: default                                                            │
│ Model passed policy checks.                                                     │
╰─────────────────────────────────────────────────────────────────────────────────╯

✅ Model passed all security checks

Malicious Scan (Blocked):

$ palisade scan examples/models/gemma-3-270m/model_metadata_injection.safetensors 
✓ Using built-in default policy
 Scanning: examples/models/gemma-3-270m/model_metadata_injection.safetensors
   Size: 511.38 MB
   Policy: Default security policy

2025-12-08 11:37:36,052 - INFO - Pattern compilation success rate: 100.0% (66/66)
Using streaming validation ...
🔍 Running security validators...
✅ Metadata - Clean (0.24s)
✅ ModelGenealogy - Clean (0.13s)
✅ Provenance - Clean (0.07s)
✅ BufferOverflow - Clean (2.28s)
✅ Tokenizer - Clean (0.00s)
✅ DecompressionBomb - Clean (0.00s)
✅ Model - Clean (2.51s)
✅ SupplyChain - 1 warnings found (2.47s)
✅ Safetensors - 1 warnings found (0.00s)
2025-12-08 11:37:38,966 - INFO - Suspicious patterns detected in model header (score: 0.300)
2025-12-08 11:37:38,977 - INFO -   Found 5 textual pattern matches in chunk 0
2025-12-08 11:37:38,977 - INFO -     Match 0: code_injection - eval\s*\( -> 'eval('
2025-12-08 11:37:38,977 - INFO -     Match 1: code_injection - os\.system -> 'os.system'
2025-12-08 11:37:38,977 - INFO -     Match 2: code_injection - system\s*\( -> 'system('
✅ Behavior - 1 warnings found (1.79s)
✅ Backdoor - 2 warnings found (1.46s)
✅ LoRAAdapter - Clean (0.35s)
✅ ToolCall - 1 warnings found (2.05s)
📊 Validation complete - 6 warnings found (112.1 MB/s)
2025-12-08 11:37:40,616 - INFO - Applying policy evaluation (environment: default)
2025-12-08 11:37:40,618 - INFO - Policy evaluation complete - Overall effect: deny

╭──────────────────────────────────────── 📄 Palisade Security Scan ──────────────────────╮
│ model_metadata_injection.safetensors                                                    │
│ examples/models/gemma-3-270m/model_metadata_injection.safetensors                       │
╰─────────────────────────────────────────────────────────────────────────────────────────╯

🔍 SUSPICIOUS: model_metadata_injection.safetensors

 Scan Time             4.58s   
 Validators            13      
 Memory Used           38.8 MB 
 Warnings              6       

🔍 Security Analysis (6 warnings)

🔴 HIGH (2)
   1. supply_chain_malicious_functions
      Malicious functions detected: eval, os_system, system
   2. privilege_escalation_detected
      Privilege escalation patterns detected: enhanced_capabilities

🟡 MEDIUM (4)
   1. safetensors_streaming_header_error
      Failed to parse JSON header: EOF while parsing a string at line 1 column 26696
   2. backdoor_suspicious_header_patterns
      Suspicious patterns detected in model header (score: 0.300)
   3. backdoor_textual_patterns_in_chunk
      Suspicious textual patterns found in chunk at offset 0
   4. toolcall_suspicious_parameters
      Suspicious parameters: pipe_to_sh (1 matches in 511.4MB model)

╭───────────────────────────────── 🛡️ Policy Decision ────────────────────────────────────────╮
│ ⛔ BLOCKED BY POLICY                                                                        │
│                                                                                             │
│ Environment: default                                                                        │
│ This model violates security policy and cannot be used.                                     │
│ Review the warnings above to understand why.                                                │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

📋 Recommendations
   • ⛔ BLOCKED BY POLICY - Do not use this model
   • This model violates security policy requirements
   • Investigate the source and re-download from trusted source

PreviousModel Supply Chain Scan NextPerformance

Last updated 19 days ago

Good morning

hashtagSee It In Action

hashtagThe "Clean" Scan

hashtagMalicious Scan (Blocked):

See It In Action

The "Clean" Scan

Malicious Scan (Blocked):