The authors of a recently published research paper show how to inject backdoors in a machine learning model that is not active and cannot be detected in the original uncompressed model but which becomes active only when the model runs in compressed form, e.g. when deployed on a mobile phone. Model compression techniques such as model quantization and model pruning are typically used to reduce the size of machine learning models so that they can be used on resource-contrained devices such as mobile phones. If a backdoor is injected into these compressed models, this might result in malicious behavior on inputs that contain a specific trigger. For instance, an image classifier might classify a stop sign as a speed limit sign when it contains a trigger such as a simple post-it.