Securing Your ML Model Supply Chain with OpenSSF Model Signing and Sigstore
Abhishek Ghosh, Shubham Bhardwaj
Machine learning models are shared and deployed at massive scale, yet most organizations have no way to verify whether a model is safe, authentic, or tampered with. This creates a growing risk surface. Model backdoors, malicious deserialization, and compromised model files are already appearing in the wild.
This hands-on workshop introduces participants to model supply chain security using the new OpenSSF Model Signing Standard together with Sigstore’s cryptographic signing and verification tools. We will show how to sign an ML model, verify its integrity before loading, and integrate these steps into a simple ML workflow.
The session is designed for beginners and intermediate-level practitioners. No deep cryptography background is required; basic ML familiarity is sufficient. By the end, attendees will be able to apply signing and verification to their own models and understand how these techniques protect against real-world supply chain attacks.
Cybersecurity and Compliance
(Workshop) VYAS - G - Room#VY004