Supply chain security for LLM artifacts using Sigstore, in-toto, and SLSA frameworks. Generates signed attestations for model weights, training data, and inference outputs.
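The attestation shape this describes, as an added illustration (not the project's own code): an in-toto Statement v1 with a SLSA Provenance v1 predicate whose subject is the SHA-256 digest of a model weights file, wrapped in a DSSE envelope, plus the digest check a consumer runs before loading the weights. The weights bytes, the `buildType` URI, the builder id and the training-data URI are constructed placeholders; the signature itself (e.g. via Sigstore) is left out so the example runs offline, but `dsse_pae` produces the exact bytes a signer would sign.

```python
import base64
import hashlib
import json

# Constructed stand-in for a model weights file (not real weights).
MODEL_WEIGHTS = b"\x00\x01example-weights\xff" * 8

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_provenance_statement(name: str, data: bytes, builder_id: str, training_data_uri: str) -> dict:
    """in-toto Statement v1 carrying a SLSA Provenance v1 predicate for one artifact."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(data)}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {
                "buildType": "https://example.com/train-model/v1",  # hypothetical build type
                "externalParameters": {"trainingData": training_data_uri},
                "resolvedDependencies": [],
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }

def dsse_pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: 'DSSEv1 <len(type)> <type> <len(payload)> <payload>'."""
    return b"DSSEv1 %d %s %d " % (len(payload_type), payload_type.encode(), len(payload)) + payload

def wrap_envelope(statement: dict) -> dict:
    """Unsigned DSSE envelope; a signer would sign dsse_pae(payloadType, payload) and fill signatures."""
    payload = json.dumps(statement, separators=(",", ":"), sort_keys=True).encode()
    return {
        "payloadType": "application/vnd.in-toto+json",
        "payload": base64.b64encode(payload).decode(),
        "signatures": [],
    }

def verify_subject(envelope: dict, name: str, data: bytes) -> bool:
    """Consumer-side check: does this artifact match a subject digest in the attestation?"""
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        return False
    return any(
        s.get("name") == name and s.get("digest", {}).get("sha256") == sha256_hex(data)
        for s in statement.get("subject", [])
    )
```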
There have been a lot of supply-chain attacks on projects by way of creating fake or tainted Node.js packages. The basis for this attack is complete anonymity, without even a signature for the package...