Felix Pinkston
Jul 28, 2025 16:38
NVIDIA’s new model signing initiative in the NGC Catalog aims to bolster AI security by providing cryptographic verification, ensuring model integrity and trust across various deployment environments.
NVIDIA has taken a significant step in enhancing the security of artificial intelligence (AI) models by introducing model signing in the NGC Catalog. This initiative aims to provide verifiable trust through cryptographic verification, ensuring that AI models remain unaltered and originate from trusted sources, according to NVIDIA’s blog.
Strengthening AI Model Integrity
In an era where AI systems increasingly interact with APIs and the physical environment, the potential attack surface has expanded significantly. A compromised model can lead to severe consequences, from erroneous decision-making to physical harm. To address these risks, NVIDIA has been signing all NVIDIA-published models in the NGC Catalog with the OpenSSF Model Signing (OMS) specification since March 2025, marking a pioneering move in the AI industry.
Cryptographic Verification Process
The model signing process involves using a private signing key to generate a digital signature for each model, which is then verified using a public certificate. This ensures that models are authentic and unmodified, creating a verifiable chain of trust. This process enables developers, MLOps teams, and security professionals to confirm the integrity of models, ensuring compliance and security across AI deployments.
Integration Across NVIDIA Platforms
Model signing is integrated into NVIDIA Enterprise AI Factory and NVIDIA AI Enterprise, providing end-to-end validation of model integrity. This integration allows organizations to develop, deploy, and scale AI applications securely. The signing process occurs just before publishing to the NGC Catalog, ensuring that all models are verified before deployment.
Open Standards and Verification
The use of the OMS standard allows for a flexible and implementation-agnostic approach to model signing. NVIDIA’s adoption of this standard supports a variety of key management approaches and ensures compatibility with open-source tools for verification. This makes it easier for developers and organizations to verify the origin and integrity of models using established standards-based tooling.
Implications for AI Security
As AI continues to permeate various industries, ensuring the security and integrity of AI models becomes paramount. NVIDIA’s model signing initiative reinforces trust in AI deployments, providing organizations with the tools to verify model authenticity before use. This move not only enhances security but also facilitates faster and more secure AI adoption across cloud, on-premise, and edge environments.
NVIDIA’s efforts in model signing underscore the importance of building trust into the AI supply chain, ensuring that every layer of the AI stack is secure and reliable.
Image source: Shutterstock
