DevConf.CZ 2026

Rahul Sharma

Rahul Sharma is a Senior Software Engineer at Red Hat with over six years of experience building Python systems for cloud-native infrastructure. He specializes in rule-driven diagnostics across Linux and Kubernetes. His work focuses on deterministic, testable architectures validated against real-world data, and on integrating LLM components into infrastructure software with strong evaluation and guardrails. His talks draw on production lessons and practical patterns for building systems that scale reliably.


Company or affiliation:

Red Hat

Job title:

Senior Software Engineer


Session

06-19
10:15
35min
No Unsigned Models in My Cluster: Bringing Container Trust to AI Models on Kubernetes
Ayushi Tiwari, Rahul Sharma

Container images get signed and verified. AI models almost never do. A poisoned checkpoint can run arbitrary code at deserialization, yet Kubernetes clusters treat model weights as trusted blobs. The tooling to change this reached v1.0 in 2025.

This talk walks through a practical enforcement pipeline for model trust on Kubernetes using three open source tools: Sigstore model signing (OMS v1.0) to sign model artifacts, the Sigstore Model Validation Operator for admission-time verification, and Kyverno policies to block workloads that reference unsigned models. We trace the full lifecycle: signing in CI, recording the signature in Rekor, and blocking a tampered checkpoint at deploy time.

We also cover what still breaks: verification of quantized and adapter-merged models, hashing instability across serialization formats, and where AIBOM metadata fits into the attestation chain. A live demo signs, deploys, and blocks an unsigned model on a running cluster.

Security and Compliance
D0206 (capacity 154)