DevConf.CZ 2026

Ayushi Tiwari

Ayushi is an Associate Software Engineer at Red Hat, specializing in AI, Python, and open source. With over 2 years of experience, she has worked on rule writing, log analysis, and proactive issue resolution. She is a mentor and public speaker, frequently sharing insights on open source, AI advancements, and career growth in tech. Passionate about scalable automation and AI-driven support systems, she strives to bridge the gap between engineering efficiency and real-world problem-solving.


Company or affiliation:

Red Hat

Job title:

Associate Software Engineer


Session

06-19
10:15
35min
No Unsigned Models in My Cluster: Bringing Container Trust to AI Models on Kubernetes
Ayushi Tiwari, Rahul Sharma

Container images get signed and verified. AI models almost never do. A poisoned checkpoint can run arbitrary code at deserialization, yet Kubernetes clusters treat model weights as trusted blobs. The tooling to change this reached v1.0 in 2025.

This talk walks through a practical enforcement pipeline for model trust on Kubernetes using three open source tools: Sigstore model signing (the OpenSSF Model Signing format, OMS v1.0) to sign model artifacts, the Sigstore Model Validation Operator for admission-time verification, and Kyverno policies to block workloads that reference unsigned models. We trace the lifecycle: signing in CI, recording the signature in the Rekor transparency log, and blocking a tampered checkpoint at deploy time.

We also cover what still breaks: verification of quantized and adapter-merged models, hash instability across serialization formats, and where AIBOM metadata fits into the attestation chain. A live demo signs and deploys a model, then blocks an unsigned one on a running cluster.
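The two failure modes named above (a tampered or injected file must fail verification, yet a faithful re-serialization of the same weights also fails because the signature covers bytes, not tensor values) can be shown with a stand-alone sketch. The following is an added example, not code from the talk, from sigstore/model-transparency or from the OMS specification: it builds a simplified path-to-digest manifest over a constructed toy model, takes the digest a signature would cover, and runs verification against an untouched copy, a poisoned copy, a copy with an injected file, and two format conversions (JSON and float16). The manifest layout and all file contents are assumptions for illustration only.

```python
"""Added example (not the talk's or the project's code): why a signature over
a model's bytes catches a poisoned checkpoint but also rejects an equivalent
re-serialized or quantized copy. Manifest shape is a simplification, not OMS."""
import hashlib
import json
import struct
from typing import Dict, List, Tuple

# Constructed toy "weights": values chosen to be exactly representable in
# float16 so the f16 conversion below is lossless and still changes the bytes.
WEIGHTS: Dict[str, List[float]] = {
    "layer0.weight": [0.5, -1.25, 3.0],
    "layer0.bias": [0.125],
}


def to_raw_f32(weights: Dict[str, List[float]]) -> Dict[str, bytes]:
    """Format A: one file per tensor, little-endian float32 (the copy CI signs)."""
    return {name: struct.pack(f"<{len(v)}f", *v) for name, v in weights.items()}


def to_json(weights: Dict[str, List[float]]) -> Dict[str, bytes]:
    """Format B: same values as JSON text; semantically identical, bytes differ."""
    return {name: json.dumps(v).encode() for name, v in weights.items()}


def to_f16(weights: Dict[str, List[float]]) -> Dict[str, bytes]:
    """Format C: half-precision cast, standing in for a quantized export."""
    return {name: struct.pack(f"<{len(v)}e", *v) for name, v in weights.items()}


def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Per-file SHA-256 keyed by relative path (simplified manifest, not OMS)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def manifest_digest(m: Dict[str, str]) -> str:
    """Canonical digest over the sorted manifest: the value a signature covers
    and the value that would be recorded in a transparency log entry."""
    canon = "\n".join(f"{p} {d}" for p, d in sorted(m.items())).encode()
    return hashlib.sha256(canon).hexdigest()


def verify(signed: Dict[str, str], files: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Compare the artifact on disk with the signed manifest.

    Reports paths that are missing, injected, or whose digest changed, so an
    added pickle or a modified shard both fail rather than slipping through.
    """
    actual = manifest(files)
    missing_or_extra = set(signed) ^ set(actual)
    changed = {p for p in signed if p in actual and signed[p] != actual[p]}
    bad = sorted(missing_or_extra | changed)
    return (not bad, bad)


def demo() -> Tuple[bool, bool, List[str], List[str], bool, bool]:
    """Run the four verification cases and return their outcomes."""
    signed = manifest(to_raw_f32(WEIGHTS))          # what CI signs and logs

    ok_same, _ = verify(signed, to_raw_f32(WEIGHTS))  # untouched copy passes

    poisoned = to_raw_f32(WEIGHTS)
    poisoned["layer0.bias"] = struct.pack("<1f", 99.0)  # one value overwritten
    ok_poison, bad_poison = verify(signed, poisoned)

    injected = to_raw_f32(WEIGHTS)
    injected["__init__.pkl"] = b"constructed payload stand-in"  # extra file
    ok_inject, bad_inject = verify(signed, injected)

    ok_json, _ = verify(signed, to_json(WEIGHTS))   # same weights, JSON bytes
    ok_f16, _ = verify(signed, to_f16(WEIGHTS))     # same weights, f16 bytes

    return ok_same, ok_poison, bad_poison, bad_inject, ok_json, ok_f16


if __name__ == "__main__":
    print(manifest_digest(manifest(to_raw_f32(WEIGHTS))))
    print(demo())
```

The last two results are the point of the caveat in the abstract: the JSON and float16 copies carry the same weights as the signed artifact but fail verification, so a conversion or quantization step has to be treated as producing a new artifact that is signed again (with provenance linking it to the original), not as something the original signature can vouch for.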

Security and Compliance
D0206 (capacity 154)