Machine learning (ML) models are driving an AI revolution that is transforming all areas of human life, with applications including healthcare, self-driving cars, and robotics. Anticipating the security vulnerabilities of ML is essential to improve the safety and trustworthiness of systems that depend on it. The project studies a new threat to ML models that exploits how these models are built and trained. Specifically, when ML models are trained, they configure a number of parameters as they learn patterns in data sets; large models can contain billions of parameters that help them learn complex tasks efficiently. However, once the model is trained, it is well known that only a subset of these parameters contributes to the model’s functionality. The remaining, unused parameters have little effect on the performance of the model, and there are reasons to believe that malicious actors might be able to exploit unused parameters to harm the security and privacy of models. The goal of this research is to understand the security implications of the unused parameters of machine learning models. Since unused parameters do not affect the baseline model, their state can be manipulated by the attacker during training to install potentially malicious additional functionality, without being detected when the model is tested. The project characterizes this threat both experimentally and theoretically for different model types, and develops mitigation approaches against it, helpi