Quick Start¶

Embed a payload into a model and extract it back in under 5 minutes. This guide uses safetensors. The local model workflows (info, embed, extract, and manta-extract) also support GGUF files when they contain F32 carrier tensors; quantized-only GGUFs will report zero usable capacity. Hugging Face remote-code delivery remains scoped to safetensors/Transformers repos.

1. Build the Tool¶

cargo build --release
alias manta=./target/release/manta

2. Get a Test Model¶

Any safetensors file with F32 tensors works. For testing, you can use a small model:

# create_test_model.py
import torch
from safetensors.torch import save_file

tensors = {
    "model.layers.0.mlp.down_proj.weight": torch.randn(4096, 4096),
    "model.layers.0.mlp.up_proj.weight": torch.randn(4096, 4096),
    "model.layers.1.mlp.down_proj.weight": torch.randn(4096, 4096),
}
save_file(tensors, "test_model.safetensors")

python create_test_model.py

3. Inspect the Model¶

manta info -m test_model.safetensors -d 3

Output shows target tensors and total capacity at lsb_depth=3.

4. Create a Payload¶

echo "this is a secret payload" > payload.txt

5. Embed¶

manta embed \
  -m test_model.safetensors \
  -o weaponized.safetensors \
  -p payload.txt \
  -d 3 \
  -k "my-passphrase" \
  -e 0.5 \
  > extraction_key.json

The extraction key is printed to stdout (JSON). Embed stats go to stderr. Keep the extraction key — you need it for recovery.

6. Extract¶

# Get tensor names from the extraction key
cat extraction_key.json

manta extract \
  -m weaponized.safetensors \
  -o recovered.txt \
  -t "model.layers.0.mlp.down_proj.weight" \
  -d 3 \
  -k "my-passphrase" \
  -e

7. Verify¶

diff payload.txt recovered.txt
# No output = identical files

8. Inspect the Carrier Impact¶

manta metrics \
  --original test_model.safetensors \
  --modified weaponized.safetensors

python3 scripts/scanner_baseline.py \
  test_model.safetensors \
  weaponized.safetensors \
  --lsb-depth 3

manta metrics emits a summary block plus ranked per-tensor rows. scanner_baseline.py reports scanner-visible signals such as LSB entropy deltas, tiny perturbation patterns, and an overall LOW or MEDIUM or HIGH risk estimate.

What Just Happened¶

ECC encode — Reed-Solomon added 50% redundancy to protect against bit loss
Encrypt — AES-256-GCM with Argon2id key derivation encrypted the payload
Frame — MANT header (4-byte magic + 4-byte length) wrapped the ciphertext
Embed — Framed data written into the bottom 3 mantissa bits of each float32

Extraction reverses the pipeline: extract → unframe → decrypt → ECC decode.

Next Steps¶

Concepts — understand LSB steganography, framing, and the pipeline
CLI Reference — full command documentation
Operations Playbook — operational usage patterns