model-signing
Safeguard articles tagged "model-signing" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Model Weights as Supply Chain Artifacts: Signing and Provenance
A 4 GB safetensors file deserves the same signing, hashing, and provenance discipline as a container image. How to actually do it with Sigstore, OCI registries, and AIBOMs.
AI Model Weights: Signing, Attestation, Provenance
Model weights are binaries with the privilege of code and the review of documents. Here is what signing, attestation, and provenance should actually look like.
AI Model Weight Tampering Detection Techniques
Weight-level tampering leaves cryptographic and statistical fingerprints. Here is what current research says about detecting a modified checkpoint before it reaches inference.
CoSAI Releases Model Signing and Incident Response Frameworks
The Coalition for Secure AI published two operational frameworks in November 2025: Signing ML Artifacts and AI Incident Response. We unpack what each contains and how to adopt them.
AI Model Watermarking and Provenance
Watermarking and provenance are the two most confused terms in AI security. A practical breakdown of what each actually does, where the 2025 techniques break, and what to ship in the meantime.
OpenSSF Model Signing v1.0: Sigstore for ML
OpenSSF launched Model Signing v1.0 in April 2025 with Sigstore integration. NVIDIA NGC adopted it the same month. We explain what it signs, how to verify, and where the gaps are.