Overview
Severity: MEDIUM | Affected: CISA | Category: tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched 'AIVerify,' a new open-source tool designed to enhance the security and integrity of AI model supply chains. The framework helps organizations verify the provenance of AI models, datasets, and dependencies, addressing rising concerns about model poisoning and trojan attacks. AIVerify generates a secure bill of materials (SBOM) specifically for AI/ML components, known as an 'AI Bill of Materials' (AIBOM). It allows security teams to scan for known vulnerabilities in training data, detect malicious code embedded in model weights, and cryptographically sign models to ensure they haven't been tampered with post-training. The tool integrates with popular platforms like Hugging Face and aims to establish a common standard for AI supply chain security in both government and private sectors.