The Air-Gapped Chronicles: The Model Zoo Ambush — When Your ‘Pretrained’ AI Ships the Attack

The Air-Gapped Chronicles: The Model Zoo Ambush - When Your ‘Pretrained’ AI Ships the Attack A healthcare AI team pulled a popular sentiment analysis model from Hugging Face. Benchmarks passed. Pilots looked great. Production deployment was smooth. Six weeks later, patient PHI started appearing in Discord channels. The model had been waiting. The scenario below is fictional, but built from real supply-chain techniques documented by JFrog, PyTorch, Protect AI, and FBI case files. The Slack message came in at PM on a Tuesday.