Supply chain provenance is the practice of verifying where a model, checkpoint, library, or hardware component came from and whether it has been changed. In AI systems, provenance answers basic trust questions: who built it, how it was produced, what version it is, and whether the artifact matches the publisher’s signed hash or checksum.
This matters because attackers often target the delivery chain rather than the model itself. A poisoned checkpoint, tampered dependency, or swapped runtime can introduce backdoors, data theft, or unsafe behavior even when the model appears legitimate. Defenders use provenance checks to compare hashes, verify signatures, track package sources, and prefer trusted registries and reproducible builds. In procurement and deployment, provenance helps organizations reduce the risk of hidden modifications and make informed decisions about self-hosted or third-party AI.
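The checksum step described above, as an added example that is not part of the original page: it parses a publisher's sha256sums-style manifest, streams each downloaded artifact through SHA-256, and reports ok, mismatch, missing or unlisted per file. The manifest, file names and file bytes are constructed here, and verification of the publisher's signature over the manifest itself is assumed to happen separately.

```python
import hashlib
import hmac
import io

# Constructed sample: a manifest in the common "<hex digest>  <filename>" format,
# one line per artifact, as a publisher might ship it. Digests are computed below.
def sha256_stream(fileobj, chunk_size=1 << 20):
    """Hash a file-like object in chunks so large checkpoints are not loaded at once."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse '<hex digest>  <filename>' lines into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.strip()] = digest.lower()
    return entries

def verify_artifacts(manifest_text, artifacts):
    """Return {filename: status}, status in {'ok', 'mismatch', 'missing', 'unlisted'}."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        data = artifacts.get(name)
        if data is None:
            results[name] = "missing"
            continue
        actual = sha256_stream(io.BytesIO(data))
        # constant-time comparison avoids leaking how many leading bytes match
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "mismatch"
    for name in artifacts.keys() - expected.keys():
        results[name] = "unlisted"  # files the publisher never listed are suspect
    return results

# Constructed artifacts: the "published" bytes and a download where one file was altered.
PUBLISHED = {"model.safetensors": b"weights-v1", "tokenizer.json": b'{"vocab": 1}'}
MANIFEST = "\n".join(f"{hashlib.sha256(v).hexdigest()}  {k}" for k, v in PUBLISHED.items())
DOWNLOADED = {"model.safetensors": b"weights-v1-modified", "tokenizer.json": b'{"vocab": 1}'}

def demo():
    return verify_artifacts(MANIFEST, DOWNLOADED)
```

In a real deployment the `artifacts` mapping would be replaced by opened files on disk and the pinned manifest would come from the publisher's signed release, not from the same download.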