April 12-15 | Marriott Downtown at CF Toronto Eaton Centre, Canada

A Cryptographic Framework for AI Model Trust and Confidentiality (G31c)

Explore cryptographic frameworks that ensure AI models remain trustworthy and confidential.
23 Apr 2026
11:45
Studio D

Although opinions on AI range from enthusiasm to deep concern, it is clear that this technology is reshaping modern society. As organizations adopt AI, a significant risk has emerged for developers: unauthorized changes to an AI model's learned parameters (its weights) can alter its behavior in harmful ways that are difficult to detect. For example, if a bank's fraud detection model is quietly modified to reduce scrutiny of a particular account or company, it creates an almost undetectable path for abuse. Current software supply chain protections do not observe or validate changes at the AI model level, leaving a blind spot in which critical decisions can be influenced with no record of who made the change or when it occurred. The potential impact of these risks is growing, but the tools to mitigate them already exist, courtesy of the cryptographic module community. Join the speakers in this session as they introduce a framework that uses PKI, certificate chains, and hardware roots of trust to provide verifiable integrity and confidentiality for AI models and their parameters.
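The abstract names the building blocks (PKI, certificate chains, a hardware root of trust) without showing how they fit together. The following is an added example written for this page, not the speakers' framework or code: it builds a two-level chain (a root CA and a model-signing leaf certificate issued by it), signs a SHA-256 digest of a model's weights with the leaf key, and has the loader verify both the chain and the signature, so that a quietly modified parameter, a forged signature, or a signer that does not chain to the trusted root is rejected. All names (BuildPKI, SignWeights, VerifyWeights, ModelManifest, the certificate subjects and the sample weights) are assumptions; the root key is generated in software here as a stand-in for a key held in an HSM or TPM, and the confidentiality side of the abstract (encrypting the weights) is not covered by this block.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"fmt"
	"math/big"
	"time"
)

// ModelManifest ships with the weights (field names are assumptions for this example).
type ModelManifest struct {
	SignerCert *x509.Certificate // leaf certificate issued by the trusted root
	Signature  []byte            // ASN.1 DER ECDSA signature over digestWeights(w)
}

// digestWeights hashes the parameters in a fixed byte order so identical
// weights always yield the same digest.
func digestWeights(w []float32) []byte {
	h := sha256.New()
	binary.Write(h, binary.LittleEndian, w)
	return h.Sum(nil)
}

// issue generates a P-256 key and a certificate for it signed by parentKey; nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildPKI creates a root CA and a model-signing leaf certificate issued by it. In the
// framework the abstract describes the root key would sit in a hardware root of trust
// (HSM/TPM); here a software key stands in for it (assumption).
func BuildPKI() (root, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey, err error) {
	now := time.Now()
	root, rootKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Model Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	leaf, leafKey, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "fraud-model-signer"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(30 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}, root, rootKey)
	return root, leaf, leafKey, err
}

// SignWeights is the publisher side: sign the digest of the weights with the leaf key.
func SignWeights(w []float32, signer *x509.Certificate, key *ecdsa.PrivateKey) (*ModelManifest, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digestWeights(w))
	if err != nil {
		return nil, err
	}
	return &ModelManifest{SignerCert: signer, Signature: sig}, nil
}

// VerifyWeights is the loader side: the signer must chain to the trusted root with
// code-signing usage, and the signature must cover exactly the weights being loaded.
func VerifyWeights(w []float32, m *ModelManifest, trustedRoot *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	if _, err := m.SignerCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return fmt.Errorf("signer does not chain to trusted root: %w", err)
	}
	pub, _ := m.SignerCert.PublicKey.(*ecdsa.PublicKey)
	if pub == nil || !ecdsa.VerifyASN1(pub, digestWeights(w), m.Signature) {
		return fmt.Errorf("weights do not match the signed digest: modified parameters or forged manifest")
	}
	return nil
}

func main() {
	root, leaf, key, _ := BuildPKI()
	weights := []float32{0.25, -1.5, 3.0} // constructed sample parameters
	m, _ := SignWeights(weights, leaf, key)
	fmt.Println("genuine weights:", VerifyWeights(weights, m, root))
	weights[2] += 1e-4 // a quiet change to a single parameter
	fmt.Println("tampered weights:", VerifyWeights(weights, m, root))
}
```

The loader trusts only the root it was configured with, so a signature from a key whose certificate chains to some other CA is rejected even though it is cryptographically valid; that is the property the certificate chain adds over a bare signature, and it is what lets an organization answer who signed a given set of weights and under which policy.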