Enterprise & Industry

Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security

Fingerprints model weights to stop supply chain attacks before they spread.

Deep Dive

Cisco has open-sourced its Model Provenance Kit, a tool designed to verify the origins of AI models and improve trust across the AI supply chain. As organizations rapidly adopt third-party and open-source models, they often lack visibility into where those models came from or how they’ve been modified. Modern AI systems are continuously fine-tuned, compressed, merged, or quantized, creating derivative models that can inherit vulnerabilities, hidden dependencies, or licensing issues. The kit fingerprints models at the weight level — the underlying parameters defining behavior — allowing security teams to determine with high confidence whether one model is derived from another. Amy Chang, head of AI Threat Intelligence & Security Research at Cisco, noted that provenance is becoming foundational for governance and accountability in regulated, high-stakes domains.

The Model Provenance Kit also introduces a formal Model Provenance Constitution that defines what counts as a legitimate derivation relationship and what does not. Under this framework, two AI systems are related only if there is a direct or indirect causal chain connecting their trained parameters — including fine-tuning, knowledge distillation, quantization, pruning, or model merging. Crucially, the framework excludes superficial similarities like shared architectures or overlapping training datasets. This prevents false positives in vulnerability tracking and unnecessary licensing concerns, reducing noise in governance processes. By anchoring provenance in verifiable weight relationships, Cisco provides a technically grounded standard that can be applied consistently across organizations, helping to strengthen AI supply chain security, compliance, and incident response.
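To make the distinction concrete, here is an added illustration (not code from Cisco's Model Provenance Kit, whose fingerprinting method is not described on this page). It assumes a SimHash-style random-hyperplane sketch over the flattened parameters, a constructed toy model, simplified stand-ins for fine-tuning, int8 quantization, magnitude pruning and model merging, and an assumed agreement threshold of 0.65. The point it shows is the constitution's rule: an unrelated model with the same architecture passes `same_architecture` but fails `is_derived`, while every model with a causal parameter chain back to the base is flagged as derived. Direction of derivation (which model is the parent) and aligning layers between models of different shapes are outside this sketch and would need release metadata or a more elaborate comparison.

```python
# Illustrative weight-level provenance check (added example; NOT Cisco's
# Model Provenance Kit code; sketch, thresholds and toy models are assumptions).
import numpy as np

FP_BITS = 512             # length of the fingerprint in bits
PROJ_SEED = 20240601      # fixed public seed so every party derives the same hyperplanes
DERIVED_THRESHOLD = 0.65  # bit agreement above this is treated as a parameter-level link


def make_model(seed, shapes=((32, 64), (64, 16))):
    """Constructed toy model: a list of weight matrices drawn from N(0, 1)."""
    rng = np.random.default_rng(seed)
    return [rng.standard_normal(s) for s in shapes]


def flatten(weights):
    return np.concatenate([w.astype(np.float64).ravel() for w in weights])


def fingerprint(weights):
    """Random-hyperplane (SimHash-style) sketch of the flattened parameters.

    Each bit records on which side of a fixed random hyperplane the weight
    vector falls, so the fraction of agreeing bits estimates the angle between
    two models' parameters. Small edits (fine-tuning, quantization, pruning)
    leave most bits unchanged; independently trained weights agree on ~50%.
    """
    v = flatten(weights)
    planes = np.random.default_rng(PROJ_SEED).standard_normal((FP_BITS, v.size))
    return v.size, np.packbits(planes @ v >= 0)


def similarity(fp_a, fp_b):
    """Fraction of agreeing bits (1.0 = identical sketch, ~0.5 = unrelated)."""
    (n_a, bits_a), (n_b, bits_b) = fp_a, fp_b
    if n_a != n_b:
        raise ValueError("parameter counts differ; layer alignment is out of scope here")
    a, b = np.unpackbits(bits_a), np.unpackbits(bits_b)
    return 1.0 - np.count_nonzero(a ^ b) / a.size


def same_architecture(wa, wb):
    """Architecture match only: under the constitution this is NOT provenance."""
    return [w.shape for w in wa] == [w.shape for w in wb]


def is_derived(wa, wb):
    """Parameter-level link between two models (direction needs external metadata)."""
    return similarity(fingerprint(wa), fingerprint(wb)) >= DERIVED_THRESHOLD


# --- constructed derivation operations, standing in for real pipelines ---
def fine_tune(weights, seed, step=0.05):
    rng = np.random.default_rng(seed)
    return [w + step * rng.standard_normal(w.shape) for w in weights]


def quantize_int8(weights):
    out = []
    for w in weights:
        scale = np.abs(w).max() / 127.0
        out.append(np.clip(np.round(w / scale), -127, 127) * scale)
    return out


def prune(weights, fraction=0.5):
    return [np.where(np.abs(w) < np.quantile(np.abs(w), fraction), 0.0, w) for w in weights]


def merge(wa, wb, alpha=0.5):
    return [alpha * a + (1 - alpha) * b for a, b in zip(wa, wb)]


def provenance_report(base_seed=1, other_seed=2):
    """Compare a base model against derived and unrelated candidates."""
    base = make_model(base_seed)
    unrelated = make_model(other_seed)  # same architecture, independent weights
    candidates = {
        "fine_tuned": fine_tune(base, seed=3),
        "quantized_int8": quantize_int8(base),
        "pruned_50pct": prune(base),
        "merged_with_unrelated": merge(base, unrelated),
        "unrelated_same_arch": unrelated,
    }
    base_fp = fingerprint(base)
    return {
        name: {
            "same_architecture": same_architecture(base, w),
            "similarity": round(similarity(base_fp, fingerprint(w)), 3),
            "derived": is_derived(base, w),
        }
        for name, w in candidates.items()
    }


if __name__ == "__main__":
    for name, r in provenance_report().items():
        print(f"{name:24s} arch_match={r['same_architecture']!s:5} "
              f"similarity={r['similarity']:.3f} derived={r['derived']}")
```

The merged model scores around 0.75 against each parent (a 50/50 merge sits at roughly 45 degrees to both), so it is correctly reported as derived from both, while the unrelated model scores near 0.5 despite having identical layer shapes. The threshold is a defender's tuning knob: with 512 bits the unrelated-pair agreement has a standard deviation of about 0.02, so 0.65 leaves a wide margin against false positives, which is exactly the noise the constitution is trying to keep out of vulnerability tracking.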

Key Points
  • Fingerprints AI models at the weight level to establish causal derivation chains.
  • Includes a Model Provenance Constitution that excludes superficial similarities like shared architectures or datasets.
  • Open-source release aims to reduce supply chain risks such as hidden vulnerabilities and licensing issues.

Why It Matters

Cisco's tool gives security teams a verifiable way to trust AI model origins, reducing supply chain attack vectors.