jozu-ai / kitops

Tools for easing the handoff between AI/ML and App/SRE teams.
https://KitOps.ml
Apache License 2.0
267 stars 26 forks

Include attestation for ModelKits #194

Open bmicklea opened 2 months ago

bmicklea commented 2 months ago

Describe the problem you're trying to solve

ModelKits and the assets they contain can come from any location and be built by anyone. There are no inherent guarantees of provenance or safety in any of the existing model / dataset packaging mechanisms. Users want a way to know where the package they are using has come from so they can make their own decision about whether to trust it.

Describe the solution you'd like

ModelKits should be able to include attestations for the package and its contents. We could use something like SLSA's verification summary and include it with the ModelKit as an option. This would make ModelKits the first packaging for AI/ML that provides provenance attestations.

bmicklea commented 2 months ago

This will need to be split between signing and attestation.
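The two comments above ask for a SLSA verification summary carried with a ModelKit, and note that signing and attestation are separate concerns. The Go program below is an added example written for this page; it is not KitOps code and not a proposal from the issue author. It shows the shape of what a consumer would have to check: a signature over a DSSE envelope proves who signed, while the in-toto statement inside it, bound to the artifact by SHA-256 digest, is what actually says anything about the contents. Assumptions, beyond the in-toto Statement v1 and SLSA VSA v1 field names as I read those specs: the verifier id, policy verdict and level are constructed values, the Ed25519 key is generated in-process rather than distributed out of band, and the "layer" is a constructed byte string standing in for a ModelKit layer. How the envelope would be stored alongside the ModelKit (extra layer, OCI referrer) is left open, as the issue does.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

const payloadType = "application/vnd.in-toto+json"

// Statement is an in-toto Statement v1: subject binds it to an artifact by digest, predicate is a SLSA VSA v1.
type Statement struct {
	Type          string    `json:"_type"`
	Subject       []Subject `json:"subject"`
	PredicateType string    `json:"predicateType"`
	Predicate     VSA       `json:"predicate"`
}
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// VSA is the subset of verification_summary/v1 fields used here (names as I read the SLSA spec).
type VSA struct {
	Verifier           map[string]string `json:"verifier"`
	VerificationResult string            `json:"verificationResult"`
	VerifiedLevels     []string          `json:"verifiedLevels"`
}

// Envelope is a DSSE envelope: the statement as base64 plus detached signatures.
type Envelope struct {
	PayloadType string              `json:"payloadType"`
	Payload     string              `json:"payload"`
	Signatures  []map[string]string `json:"signatures"` // each carries "keyid" and "sig"
}

// pae is the DSSE pre-authentication encoding; signing it binds the signature
// to the payload type as well as to the payload bytes.
func pae(ptype string, payload []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(ptype), ptype, len(payload), payload))
}

// Attest records a policy verdict about one ModelKit layer as a VSA and signs it
// (the verdict and verifier id are constructed inputs, not real results).
func Attest(priv ed25519.PrivateKey, keyID, name string, layer []byte) (*Envelope, error) {
	digest := fmt.Sprintf("%x", sha256.Sum256(layer))
	st := Statement{
		Type:          "https://in-toto.io/Statement/v1",
		Subject:       []Subject{{Name: name, Digest: map[string]string{"sha256": digest}}},
		PredicateType: "https://slsa.dev/verification_summary/v1",
		Predicate: VSA{
			Verifier:           map[string]string{"id": "https://example.com/kit-verifier"},
			VerificationResult: "PASSED",
			VerifiedLevels:     []string{"SLSA_BUILD_LEVEL_1"},
		},
	}
	body, err := json.Marshal(st)
	if err != nil {
		return nil, err
	}
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, pae(payloadType, body)))
	return &Envelope{PayloadType: payloadType, Payload: base64.StdEncoding.EncodeToString(body),
		Signatures: []map[string]string{{"keyid": keyID, "sig": sig}}}, nil
}

// Verify checks a signature over the PAE with the trusted key, then checks that the
// subject digest matches the bytes actually pulled; a valid signature on a statement
// about some other artifact proves nothing about this one.
func Verify(pub ed25519.PublicKey, env *Envelope, layer []byte) (*Statement, error) {
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	signed := false
	for _, s := range env.Signatures {
		raw, err := base64.StdEncoding.DecodeString(s["sig"])
		signed = signed || (err == nil && ed25519.Verify(pub, pae(env.PayloadType, body), raw))
	}
	if !signed {
		return nil, errors.New("no signature verified with the trusted key")
	}
	var st Statement
	if err := json.Unmarshal(body, &st); err != nil {
		return nil, err
	}
	want := fmt.Sprintf("%x", sha256.Sum256(layer))
	for _, sub := range st.Subject {
		if sub.Digest["sha256"] == want {
			return &st, nil
		}
	}
	return nil, errors.New("attestation subject does not match the artifact digest")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	layer := []byte("constructed stand-in for a model weights layer")
	env, _ := Attest(priv, "kit-key-1", "model.safetensors", layer)
	fmt.Println(Verify(pub, env, layer)) // second value prints <nil> when it verifies
}
```

The split the second comment asks for falls out of the two halves of Verify: the signature check alone is "signing" (who vouches for these bytes), and only the statement's predicate, once the subject digest has been matched, is the "attestation" (what was verified and with what result). A consumer that checks the signature but skips the digest comparison, or accepts a statement whose verificationResult is not PASSED, has not gained the provenance guarantee the issue is after.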