
Supply chain provenance

The practice of confirming where a model, checkpoint, or component came from and whether it was altered.

Supply chain provenance is the practice of verifying where a model, checkpoint, library, or hardware component came from and whether it has been changed. In AI systems, provenance answers basic trust questions: who built it, how it was produced, what version it is, and whether the artifact matches the publisher’s signed hash or checksum.

This matters because attackers often target the delivery chain rather than the model itself. A poisoned checkpoint, tampered dependency, or swapped runtime can introduce backdoors, data theft, or unsafe behavior even when the model appears legitimate. Defenders use provenance checks to compare hashes, verify signatures, track package sources, and prefer trusted registries and reproducible builds. In procurement and deployment, provenance helps organizations reduce the risk of hidden modifications and make informed decisions about self-hosted or third-party AI.
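The hash-comparison step described above, as an added example that is not part of this entry: it verifies a downloaded checkpoint bundle against a publisher's sha256sum-style manifest, reporting tampered, missing and unlisted files. The file names, manifest and bundle contents are constructed here for the demonstration; in practice the manifest itself must come from a signed or otherwise trusted source.

```python
import hashlib, hmac, os, tempfile
def sha256_file(path):
    h = hashlib.sha256()  # stream so multi-GB checkpoints never sit in memory
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <path>') into {path: hex}; reject malformed lines."""
    expected = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or set(digest.lower()) - set("0123456789abcdef") or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected

def verify_artifacts(root, manifest_text):
    """Classify every manifest entry as ok / mismatch (bytes differ) / missing, and flag
    files in the download that the manifest never vouched for as unlisted."""
    expected = parse_manifest(manifest_text)
    result = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, digest in sorted(expected.items()):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            result["missing"].append(name)
        elif hmac.compare_digest(sha256_file(path), digest):  # constant-time compare
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    result["unlisted"] = sorted(e for e in os.listdir(root) if e not in expected and os.path.isfile(os.path.join(root, e)))
    return result

def demo():
    """Constructed bundle: publish a manifest, then tamper with one file, drop one, add one."""
    root = tempfile.mkdtemp()
    files = {"model.safetensors": b"\x00weights" * 64, "config.json": b'{"layers": 12}', "tokenizer.json": b"{}"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    manifest = "\n".join(f"{sha256_file(os.path.join(root, n))}  {n}" for n in files)
    with open(os.path.join(root, "model.safetensors"), "ab") as f:
        f.write(b"\x00extra")  # tampered checkpoint: appended bytes change the digest
    os.remove(os.path.join(root, "tokenizer.json"))  # missing component
    with open(os.path.join(root, "extra.bin"), "wb") as f:
        f.write(b"unexpected")  # file the publisher never listed
    return verify_artifacts(root, manifest)
```

Any non-empty `mismatch`, `missing` or `unlisted` list should block deployment of the bundle, not just log a warning.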
