Publication Details
COMMUNICATION

AI4DVault: A Registry Architecture for Securing the AI4D Supply Chain

  • 2025 Cybersecurity4D (C4D) : 1-11
Discipline: Computer and information sciences
Author(s):
Tagged author(s): SABANE Aminata
Entered by: SABANE Aminata

Abstract

As artificial intelligence for development (AI4D) initiatives expand, ensuring secure and transparent supply chains for AI artifacts has become a critical challenge in emerging countries. Recent incidents of malicious models on repositories such as Hugging Face show that machine learning model platforms are increasingly exposed to the same supply chain attacks that have plagued traditional software ecosystems. This paper presents the vision and architectural design for AI4DVault, a comprehensive registry architecture that addresses the distinct security, provenance, and integrity requirements of AI4D ecosystems. While implementation remains a work in progress, the proposed architecture defines a cryptographically secure verification protocol that would allow stakeholders to trace model provenance from creation through deployment, protecting against namespace squatting, typosquatting, model confusion attacks, and unsafe serialization formats. The envisioned system would integrate with existing workflows through a standardized command-line interface while providing automated vulnerability scanning and integrity verification to prevent the distribution of compromised models. The design adapts techniques from established supply chain security frameworks, including SLSA (Supply-chain Levels for Software Artifacts) and Sigstore, and extends them to AI-specific challenges such as dataset provenance tracking and model lineage verification. We present this architectural vision as a foundation for future implementation efforts, with the aim of establishing a roadmap toward more secure and trustworthy AI4D systems, particularly in resource-constrained environments where traditional security infrastructure may be limited.
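
Three of the controls the abstract names (integrity verification of an artifact against a signed manifest, detection of unsafe serialization formats, and typosquatting protection for registry names) can be demonstrated in a small pre-publication gate. The block below is an added example written for this page; it is not code from the AI4DVault paper or project. The registry names, the demo key, the sample artifacts, and the use of an HMAC as a stand-in for the Sigstore-style signing the paper envisions are all constructed assumptions.

```python
"""Added example (not the paper's code): a minimal pre-publication gate for an
AI model registry. Constructed sample data throughout; HMAC stands in for the
registry's real (e.g. Sigstore) signing so the example runs offline."""
import hashlib
import hmac
import pickle
import pickletools

# Constructed sample: names already published in the registry (assumption).
TRUSTED_NAMES = {"ai4d/swahili-asr", "ai4d/wolof-nmt", "ai4d/crop-yield-xgb"}

# Demo key for the HMAC stand-in; a real registry would verify a keyless
# signature and certificate chain rather than share a secret.
DEMO_SECRET = b"demo-registry-signing-key"

# Pickle opcodes that can import a module or invoke a callable at load time.
UNSAFE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

# Constructed artifacts: plain-data weights, and a hand-built protocol-0 pickle
# that would run os.system("echo pwned") on pickle.load(). Neither is loaded here.
BENIGN_MODEL = pickle.dumps({"weights": [0.1, 0.2], "bias": 0.5}, protocol=4)
MALICIOUS_MODEL = b"cos\nsystem\n(S'echo pwned'\ntR."


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(secret: bytes, name: str, payload: bytes) -> dict:
    """Publisher side: bind the artifact digest to its registry name and sign.
    Binding the name stops a validly signed artifact from being re-published
    under a different name (model confusion)."""
    digest = sha256_hex(payload)
    msg = f"{name}\n{digest}".encode()
    return {"name": name, "sha256": digest, "sig": hmac.new(secret, msg, "sha256").hexdigest()}


def verify_integrity(secret: bytes, name: str, payload: bytes, manifest: dict) -> bool:
    """Registry side: recompute the digest and check the signature over name+digest."""
    digest = sha256_hex(payload)
    msg = f"{name}\n{digest}".encode()
    expected = hmac.new(secret, msg, "sha256").hexdigest()
    return (
        manifest.get("name") == name
        and hmac.compare_digest(digest, manifest.get("sha256", ""))
        and hmac.compare_digest(expected, manifest.get("sig", ""))
    )


def unsafe_pickle_opcodes(payload: bytes) -> list:
    """Static scan of a pickle stream without loading it. Every opcode that can
    import or call something is reported; a malformed stream is reported too."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(payload):
            if opcode.name in UNSAFE_OPCODES:
                found.append(opcode.name)
    except Exception as exc:  # genops raises ValueError on unknown/truncated opcodes
        found.append(f"MALFORMED({exc.__class__.__name__})")
    return found


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance to a trusted name signals typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, trusted: set, max_distance: int = 2) -> list:
    """Trusted names within max_distance edits of a new, not-yet-known name."""
    if name in trusted:
        return []
    return sorted(t for t in trusted if levenshtein(name, t) <= max_distance)


def check_submission(name: str, payload: bytes, manifest: dict, secret: bytes) -> dict:
    """Run the three gates; a submission is accepted only if all of them are clean."""
    findings = []
    if not verify_integrity(secret, name, payload, manifest):
        findings.append("integrity: digest or signature mismatch")
    unsafe = unsafe_pickle_opcodes(payload)
    if unsafe:
        findings.append("serialization: unsafe pickle opcodes " + ",".join(unsafe))
    squats = typosquat_candidates(name, TRUSTED_NAMES)
    if squats:
        findings.append("name: possible typosquat of " + ", ".join(squats))
    return {"name": name, "accepted": not findings, "findings": findings}


if __name__ == "__main__":
    good = make_manifest(DEMO_SECRET, "ai4d/swahili-asr", BENIGN_MODEL)
    print(check_submission("ai4d/swahili-asr", BENIGN_MODEL, good, DEMO_SECRET))
    print(check_submission("ai4d/swahili-asr", BENIGN_MODEL + b"\x00", good, DEMO_SECRET))
    bad = make_manifest(DEMO_SECRET, "ai4d/swahlli-asr", MALICIOUS_MODEL)
    print(check_submission("ai4d/swahlli-asr", MALICIOUS_MODEL, bad, DEMO_SECRET))
```

The pickle scan is deliberately static: it walks opcodes with `pickletools.genops` and never calls `pickle.load`, so a hostile artifact is rejected before any code path that could execute it. A validly signed artifact still fails if it carries `GLOBAL`/`REDUCE`, which is the point of keeping the serialization check independent of the integrity check; a registry that only accepts safetensors or similar data-only formats removes this class of finding entirely.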

Keywords

AI4D, AI artifacts, supply chain
