Never a dill moment: Exploiting machine learning pickle files - Security Boulevard
Many machine learning (ML) models are Python pickle files under the hood, and it makes sense. Pickling conserves memory, enables start-and-stop model training, and makes trained models portable (and, thereby, shareable). It is easy to implement, is built into Python without requiring additional dependencies, and supports serialization of custom objects. There's little doubt about why choosing pickling for persistence is a popular practice among Python programmers and ML practitioners. Pre-trained models are typically treated as "free" byproducts of ML since they can be shared while the valuable intellectual property that produced them, such as the training algorithms and corpora, remains private.
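The property that makes pickle convenient for custom objects, that a stream names the module and class to reconstruct and the loader resolves it, is also what makes loading an untrusted model file risky. The following added example (written for this page, not code from the article or from any ML framework) shows the defensive side: it disassembles a pickle stream with `pickletools` to list every global it would resolve without executing it, and then loads only through an `Unpickler` whose `find_class` is restricted to an allowlist. The allowlist contents, the weight dictionary used as a stand-in "model", and the `deque` used as a stand-in for an untrusted file are all constructed for the example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict, deque

# Globals the loader may resolve. Constructed for this example: a real service
# would list exactly the classes its own model format needs and nothing else.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a str onto the pickle VM stack.
_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> set:
    """Statically list the (module, name) globals a pickle stream would resolve.

    pickletools.genops only disassembles the stream; nothing is executed.
    GLOBAL (protocols 0-3) carries both names in its argument. STACK_GLOBAL
    (protocol 4+) takes them from the two most recently pushed strings, which
    is tracked here heuristically rather than by emulating the full VM
    (memo lookups via BINGET are not followed).
    """
    found = set()
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise pickle.UnpicklingError("STACK_GLOBAL without two preceding strings")
            found.add((recent_strings[-2], recent_strings[-1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global outside SAFE_GLOBALS at resolve time."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_load(data: bytes):
    """Scan first, then load through the restricted unpickler (two layers)."""
    disallowed = referenced_globals(data) - SAFE_GLOBALS
    if disallowed:
        raise pickle.UnpicklingError(f"refusing to load: references {sorted(disallowed)}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if safe_load refuses the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample "model": a weight dictionary, as many checkpoints are.
MODEL_WEIGHTS = OrderedDict([("w1", 0.5), ("w2", -0.25)])
GOOD_MODEL_P4 = pickle.dumps(MODEL_WEIGHTS, protocol=4)   # STACK_GLOBAL form
GOOD_MODEL_P0 = pickle.dumps(MODEL_WEIGHTS, protocol=0)   # GLOBAL form

# Constructed stand-in for an untrusted file: a harmless object whose class is
# not on the allowlist, so both layers must reject it before anything is built.
UNTRUSTED = pickle.dumps(deque([1, 2, 3]), protocol=4)


if __name__ == "__main__":
    print("model references:", referenced_globals(GOOD_MODEL_P4))
    print("loaded:", safe_load(GOOD_MODEL_P4))
    print("untrusted references:", referenced_globals(UNTRUSTED))
    print("untrusted rejected:", rejects(UNTRUSTED))
```

The static scan is the cheap triage step (it can run in CI or at upload time on files nobody intends to load), while `find_class` is the control that actually holds at load time; keeping both means a stream that slips past the heuristic scanner still cannot resolve a class outside the allowlist.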
Mar-15-2021, 11:06:18 GMT