Mihai Maruseac - Taming the Wild West of ML: Practical Model Signing with Sigstore on Kaggle

Mihai Maruseac is a member of the Google Open Source Security Team (GOSST), working on supply chain security, specifically for ML; he is also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team after joining Google, having moved from a startup where he worked on incorporating Differential Privacy (DP) within Machine Learning (ML) algorithms.



Taming the Wild West of ML: Practical Model Signing with Sigstore on Kaggle


The rapid evolution of LLMs, and of ML in general, has brought remarkable progress, but also a new wave of security threats. Model poisoning, supply chain vulnerabilities, and the difficulty of verifying model and data provenance are just a few of these risks.


We've developed an efficient solution for signing models with Sigstore at scale. This talk explores the practical experience of integrating this solution into Kaggle, a leading platform for data science and machine learning. We'll share our journey of implementing model signing, from initial design to overcoming technical hurdles, and the resulting impact on Kaggle's community and the broader ML ecosystem.


Attendees will learn about the benefits of model signing, the challenges of large-scale platform integration, and best practices for securing ML workflows. We'll share actionable insights so that other model hubs can adopt similar solutions. Widespread adoption of model signing will prevent a significant number of ML supply chain incidents.


