AICert

Making AI Traceable and Transparent

🛠️ AICert aims to make AI traceable and transparent by enabling AI builders to create certificates with cryptographic proofs binding the weights to the training data and code. AI builders can be foundational model providers or companies that finetune the foundational models to their needs.

👩‍💻 End users are the final consumers of the AI builders’ models. They can then verify these AI certificates to have proof that the model they talk to comes from a specific training set and code, and therefore alleviates copyright, security and safety issues.

We leverage Trusted Platform Modules (TPMs) in order to attest the whole stack used for producing the model, from the UEFI, all the way to the code and data, through the OS.

Measuring the software stack, training code and inputs and binding them to the final weights allows the derivation of certificates that contain irrefutable proof of model provenance.

AICert addresses some of the most urgent concerns related to AI provenance. It allows AI builders to:

• Prove their AI model was not trained on copyrighted, biased or non-consensual PII data

• Provide an AI Bill of Material about the data and code used, which makes it harder to poison the model by injecting backdoors in the weights

• Provide a strong audit trail with irrefutable proof for compliance and transparency

  ⚠️ WARNING: AICert is still under development. Do not use it in production! If you want to contribute to this project, do not hesitate to raise an issue.

• AI model traceability: create AI model ID cards that provide cryptographic proof binding model weights to a specific training set and code
• Non-forgeable proofs: leverage TPMs to ensure non-forgeable AI model ID cards
• Flexible training: use your preferred tooling for training
• No slowdown induced during training
• Azure support

• Benchmark linking: provide cryptographic binding of model weights to specific benchmarks that were run for this specific model
• Multi-Cloud support with AWS and GCP coverage
• Single and multi-GPU support

(back to top)

• Check out our “Getting started guide”, which will walk you through an example!
• Discover how we bind model weights to training inputs and code
• Learn more about the AICert architecture & workflow

(back to top)

While we provide traceability and ensure that a given set of weights comes from applying a specific training code on a specific dataset, there are still challenges to solve:

• The training code and data have to be inspected. AICert does not audit the code or input data for threats, such as backdoors injected into a model by the code or poisonous data. It will simply allow us to prove model provenance. It is up to the AI community or end-user to inspect or prove the trustworthiness of the code and data.
• AICert itself has to be inspected, all the way from the OS we choose to the HTTP server and the app we provide to run the code on the training data.

We are well aware that AICert is not a silver bullet, as to have a fully trustworthy process, it requires scrutiny of both our code and the code and data of the AI builder.

However, by combining both, we can have a solid foundation for the AI supply chain.

(back to top)

(back to top)