Detection Library
Severity: High · Status: Experimental · Platform: Linux · Category: AI/ML · MITRE ATT&CK: T1195.001

LLM Service Loading Model From Temporary Directory

Detects LLM runtime processes (Python, ollama, vllm) executing with command-line arguments that reference temporary directories for model loading. Loading model weights from /tmp or /dev/shm suggests a staged supply-chain attack in which legitimate model files have been replaced.

Updated Jan 15, 2025 · Detection Engineering Team

Tags: llm · supply-chain · linux · model-load · owasp-llm03

Problem Statement

Model weight files loaded from temporary directories have likely bypassed integrity verification controls. This is a key indicator of a supply chain attack where a legitimate model has been replaced with a tampered version.

Sample Logs

{"timestamp":"2025-01-15T07:55:12Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/python3","command_line":"python3 serve.py --model /tmp/replaced_model.gguf"}

Required Fields

image
command_line
user
computer_name

False Positives

  • Development environments loading test models from temp directories

Tuning Guidance

Production LLM hosts should load models exclusively from versioned, signed paths. Any temporary path model load should be treated as high priority.
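The detection logic above and the tuning guidance, as an added Python example (not the library's own rule code) run over JSON lines in the Sample Logs format. The sample log from this page is reused; the other events, the vllm argument shape and the `--model-path` flag are constructed assumptions.

```python
import json
import os

# LLM runtime binaries named in the detection description
LLM_RUNTIMES = {"python", "python3", "ollama", "vllm"}
# Temporary locations the rule treats as untrusted model sources
TEMP_DIRS = ("/tmp/", "/dev/shm/")
# Model-loading flags: "--model" is from the sample log, "--model-path" is an assumption
MODEL_FLAGS = {"--model", "--model-path"}

# Constructed sample events; the first line is the page's own sample log
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-15T07:55:12Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/python3","command_line":"python3 serve.py --model /tmp/replaced_model.gguf"}',
    '{"timestamp":"2025-01-15T08:01:40Z","computer_name":"llm-host-03","user":"llm_svc","image":"/usr/local/bin/vllm","command_line":"vllm serve --model=/dev/shm/llama.gguf"}',
    '{"timestamp":"2025-01-15T08:02:05Z","computer_name":"llm-host-02","user":"llm_svc","image":"/usr/bin/python3","command_line":"python3 serve.py --model /opt/models/v1.2/llama.gguf"}',
    '{"timestamp":"2025-01-15T08:03:11Z","computer_name":"dev-box-01","user":"alice","image":"/usr/bin/python3","command_line":"python3 serve.py --model /tmp/test_model.gguf"}',
    '{"timestamp":"2025-01-15T08:04:00Z","computer_name":"llm-host-02","user":"root","image":"/usr/bin/cp","command_line":"cp /tmp/x.gguf /opt/models/"}',
]


def is_temp_model_load(event: dict) -> bool:
    """True when an LLM runtime's model argument points into /tmp or /dev/shm."""
    if os.path.basename(event.get("image", "")) not in LLM_RUNTIMES:
        return False  # non-runtime processes touching /tmp are out of scope
    argv = event.get("command_line", "").split()
    for i, arg in enumerate(argv):
        # Accept both "--model /tmp/x.gguf" and "--model=/tmp/x.gguf"
        if arg in MODEL_FLAGS and i + 1 < len(argv):
            value = argv[i + 1]
        elif "=" in arg and arg.split("=", 1)[0] in MODEL_FLAGS:
            value = arg.split("=", 1)[1]
        else:
            continue
        if value.startswith(TEMP_DIRS):
            return True
    return False


def run_rule(log_lines, dev_hosts=frozenset()):
    """Evaluate the rule over JSON lines; dev_hosts applies the documented false positive."""
    alerts = []
    for line in log_lines:
        ev = json.loads(line)
        if ev["computer_name"] in dev_hosts:
            continue  # development environments loading test models from temp dirs
        if is_temp_model_load(ev):
            alerts.append((ev["computer_name"], ev["user"], ev["command_line"]))
    return alerts
```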