Cisco Launches AI Provenance Tool for Security and Supply Chain Protection

Cisco has introduced a new open-source tool designed to bring transparency and trust to artificial intelligence systems by verifying where models originate from.

The tool, called the Model Provenance Kit, aims to address growing concerns around AI supply chain security, compliance, and hidden risks in third-party models.

Rising AI Supply Chain Risks

As organizations increasingly rely on open-source and third-party AI models, visibility into how these models are built has become limited.

Platforms like Hugging Face now host millions of models, many of which are modified, fine-tuned, or repackaged without clear documentation.

This lack of traceability creates several risks:

  • Organizations may unknowingly deploy poisoned or vulnerable models.
  • Licensing violations can arise if models inherit restrictions from upstream sources.
  • Regulation such as the EU AI Act, and voluntary frameworks such as the NIST AI RMF, expect detailed documentation of where a model came from.
  • Incident response becomes difficult when model lineage is unclear.

Recent industry cases have also highlighted how models are often built on top of other systems without proper disclosure, making provenance tracking critical for risk management.

Model provenance refers to identifying the origin, lineage, and modification history of an AI model. Cisco compares this process to a “DNA test” for AI.

Instead of relying solely on metadata, which can be altered or falsified, the Model Provenance Kit analyzes all three of the following:

  • Model architecture and configuration
  • Tokenizer structure
  • Learned weights (the internal parameters of the model)

This combined approach allows organizations to verify whether a model is original, derived, or potentially manipulated.

The Model Provenance Kit operates in two stages to determine whether two models share a common origin.

Stage 1 is a fast architectural check that compares configuration metadata (layer count, hidden size, vocabulary size and similar fields). Pairs whose structures differ are unlikely to share a lineage, and identical structures mark a pair as candidates for one. Because that metadata can be copied or edited, a configuration match is only a first filter, not proof of shared lineage.

Stage 2 performs deeper weight-level analysis when metadata is inconclusive. It evaluates multiple signals, including:

  • Embedding patterns that reflect training behavior
  • Distribution of learned values
  • Stable normalization layer fingerprints
  • Energy distribution across model layers
  • Direct weight similarity comparisons

These signals are combined into a single provenance score that indicates whether models share lineage.

For example, if two chatbot models appear different but were fine-tuned from the same base model, the tool can detect hidden similarities in their weights, much like matching genetic markers.

The toolkit supports two main operational modes:

  • Compare mode: Analyzes two models and provides a detailed similarity breakdown with a final lineage score.
  • Scan mode: Matches a model against a fingerprint database to identify its closest known relatives.

Cisco has also released a fingerprint dataset covering around 150 base models across multiple families, enabling faster and more accurate lineage detection.
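To make the two stages and the two operating modes concrete, here is an added toy implementation in Python. It is not Cisco's code: the synthetic "models" (dicts of flat weight lists), the signal definitions (Pearson correlation of tensors, per-tensor energy shares, histogram overlap) and the equal-weight score are this example's own assumptions. It builds two base models with identical configuration but independent weights, fine-tunes and quantizes one of them, and shows that the derivatives score high against their base and low against the structural look-alike, while a configuration mismatch is rejected in stage 1 before any weights are read.

```python
import math
import random

HIDDEN, VOCAB = 32, 128  # constructed toy sizes, not a real architecture


def make_model(seed, layer_scales):
    """Synthetic 'trained' model: config metadata plus flat weight tensors (constructed data)."""
    rng = random.Random(seed)
    weights = {"embed": [rng.gauss(0, 0.02) for _ in range(VOCAB * HIDDEN)]}
    for i, scale in enumerate(layer_scales):
        weights[f"block{i}.proj"] = [rng.gauss(0, scale) for _ in range(HIDDEN * HIDDEN)]
        # LayerNorm gain starts at 1.0; its drift is what training left behind.
        weights[f"block{i}.ln"] = [1.0 + rng.gauss(0, 0.1) for _ in range(HIDDEN)]
    config = {"arch": "toy-transformer", "layers": len(layer_scales), "hidden": HIDDEN, "vocab": VOCAB}
    return {"config": config, "weights": weights}


def fine_tune(model, seed, step=0.002):
    """Derivative: nudge every weight a little, standing in for a real fine-tune."""
    rng = random.Random(seed)
    weights = {n: [w + rng.gauss(0, step) for w in t] for n, t in model["weights"].items()}
    return {"config": dict(model["config"]), "weights": weights}


def quantize(model, levels=16):
    """Derivative: crude per-tensor uniform quantization onto a 4-bit grid."""
    weights = {}
    for n, t in model["weights"].items():
        lo, step = min(t), (max(t) - min(t)) / (levels - 1) or 1.0
        weights[n] = [lo + round((w - lo) / step) * step for w in t]
    return {"config": dict(model["config"]), "weights": weights}


def corr(a, b):
    """Pearson correlation (cosine after mean-centering), so two unrelated
    LayerNorm gains that both sit near 1.0 do not look alike."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0


def energy_profile(model):
    """Share of total squared weight mass per tensor; LayerNorm gains are
    excluded because values near 1.0 would swamp everything else."""
    sq = {n: sum(w * w for w in t) for n, t in model["weights"].items() if ".ln" not in n}
    total = sum(sq.values())
    return [sq[n] / total for n in sorted(sq)]


def histogram(values, bins=40, lo=-0.15, hi=0.15):
    """Normalized histogram of weight values over a fixed range."""
    counts = [0] * bins
    for v in values:
        counts[min(bins - 1, max(0, int((v - lo) / (hi - lo) * bins)))] += 1
    return [c / len(values) for c in counts]


def stage1_config_match(a, b):
    """Stage 1: fast architectural check on config metadata alone."""
    return a["config"] == b["config"]


def stage2_signals(a, b):
    """Stage 2: weight-level signals, each close to 1 for identical tensors."""
    ln = lambda m: [g for n in sorted(m["weights"]) if ".ln" in n for g in m["weights"][n]]
    proj = lambda m: [w for n in sorted(m["weights"]) if ".proj" in n for w in m["weights"][n]]
    return {
        "embedding": corr(a["weights"]["embed"], b["weights"]["embed"]),
        "distribution": sum(min(x, y) for x, y in zip(histogram(proj(a)), histogram(proj(b)))),
        "norm_fingerprint": corr(ln(a), ln(b)),
        "energy": 1 - 0.5 * sum(abs(x - y) for x, y in zip(energy_profile(a), energy_profile(b))),
        "direct_weights": corr(proj(a), proj(b)),
    }


def compare(a, b, threshold=0.7):
    """Compare mode: (verdict, lineage score, per-signal breakdown)."""
    if not stage1_config_match(a, b):
        return "unrelated (architecture mismatch)", 0.0, {}
    signals = stage2_signals(a, b)
    score = sum(signals.values()) / len(signals)  # plain mean; weighting is a tuning choice
    return ("shared lineage" if score >= threshold else "unrelated"), score, signals


def scan(model, fingerprint_db):
    """Scan mode: rank known base models by lineage score, best match first."""
    ranked = [(name, compare(model, base)[1]) for name, base in fingerprint_db.items()]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    base_a = make_model(seed=1, layer_scales=[0.02, 0.03, 0.04, 0.05])
    base_b = make_model(seed=2, layer_scales=[0.05, 0.02, 0.03, 0.06])  # same config, independent weights
    chatbot = fine_tune(base_a, seed=3)  # nothing in its metadata names base_a
    for name, other in [("base_a", base_a), ("base_b", base_b)]:
        print(name, compare(chatbot, other)[:2])
    print(scan(quantize(chatbot), {"base-A": base_a, "base-B": base_b}))
```

Running it prints a high score and "shared lineage" for the fine-tune against base_a, a low score and "unrelated" against base_b, and a scan ranking that puts base-A first even after quantization. Note how the distribution signal barely separates the two bases, since independently trained models with similar initialization produce similar value histograms; that is why a lineage score averages several signals rather than trusting any one of them.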

Cisco evaluated the tool on 111 model pairs, including complex real-world scenarios such as distillation, quantization, and cross-organization fine-tuning.

Key results include:

  • 100% detection of standard and cross-organization derivatives
  • High accuracy in distinguishing unrelated models with similar architectures
  • Minimal false positives, especially in cases where models share tokenizers but not training lineage

Only a small number of edge cases involving extreme architectural changes were misclassified.

The Model Provenance Kit addresses several practical challenges:

  • Flagging, before deployment, models whose weights do not match their claimed lineage, a sign of tampering or undisclosed repackaging (a lineage match shows that a model descends from a known base; it does not by itself show that a derivative is free of a backdoor introduced during fine-tuning)
  • Supporting regulatory compliance with verifiable lineage evidence
  • Improving AI incident response by tracing an affected model back to its base and sibling models
  • Strengthening trust in AI supply chains

By moving beyond self-reported metadata to evidence-based verification, the tool helps organizations make more informed decisions about the AI systems they use.

Cisco’s Model Provenance Kit is available as an open-source Python toolkit with CLI support. It runs efficiently on CPUs and supports transformer models with downloadable weights.

The release marks a significant step toward securing the AI ecosystem as model reuse, fine-tuning, and repackaging continue to grow across the industry.

The post Cisco Launches AI Provenance Tool for Security and Supply Chain Protection appeared first on Cyber Security News.