T13-AT-012 · HIGH
Artifact Signature Attacks
T13 · AI Supply Chain & Artifact Trust
Severity
Risk score: 225
Rating: High
Procedures: 10
Mechanism
Artifact signing, the cryptographic check that a model, dataset, or pipeline artifact is byte-for-byte what a holder of the release key signed, is the foundational trust mechanism for supply chain security. Attacks target the signing infrastructure itself rather than the artifact: theft or misuse of the private key, manipulation of the signing process so that the legitimate key signs attacker-controlled bytes, bypass of verification on the consuming side (verification that is optional, fails open, or is skipped by a loader), and substitution of the trust root, meaning the set of public keys or certificates the verifier is willing to accept. If the signing system is compromised, all downstream integrity guarantees are void: a valid signature then proves only that the key was used, not that the artifact came from the intended release process.
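The verifier side of what the paragraph above describes, as an added example (not code from the original page or from any particular signing tool): an N-of-M threshold verifier over a pinned trust root, which also illustrates the "Multi-party signing" item in the Mitigation list below. It is written so that each attack the paragraph names is rejected: a single stolen key cannot meet the threshold, a key carried inside the artifact bundle is never consulted (trust-root substitution), the same key signing twice counts once, and any failure is an error the caller must act on rather than a warning. Ed25519 over a SHA-256 digest, the key IDs, the `Signer`/`TrustRoot` types and the "constructed model weights" input are all assumptions made for the example; in production the private keys would live in an HSM and the trust root would ship with the verifier, not with the artifact.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signature is one release key's attestation over an artifact digest.
type Signature struct {
	KeyID string // which pinned key produced Sig
	Sig   []byte // Ed25519 signature over the SHA-256 digest of the artifact
}

// Signer bundles a key ID with its key pair. It stands in for an HSM-resident
// release key; the private half would never be in process memory in production.
type Signer struct {
	ID   string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 release key (constructed for the example).
func NewSigner(id string) Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{ID: id, pub: pub, priv: priv}
}

// Sign attests to the artifact by signing its digest.
func (s Signer) Sign(artifact []byte) Signature {
	return Signature{KeyID: s.ID, Sig: ed25519.Sign(s.priv, Digest(artifact))}
}

// TrustRoot pins the public keys the verifier accepts and how many distinct
// pinned keys must sign. It is distributed with the verifier, not the artifact.
type TrustRoot struct {
	Keys      map[string]ed25519.PublicKey
	Threshold int
}

// NewTrustRoot pins the given signers' public keys under an N-of-M policy.
func NewTrustRoot(threshold int, signers ...Signer) TrustRoot {
	root := TrustRoot{Keys: map[string]ed25519.PublicKey{}, Threshold: threshold}
	for _, s := range signers {
		root.Keys[s.ID] = s.pub
	}
	return root
}

// Digest is the value every signer attests to.
func Digest(artifact []byte) []byte {
	d := sha256.Sum256(artifact)
	return d[:]
}

// Verify performs N-of-M threshold verification against the pinned root and
// fails closed: a signature by an unpinned key, an invalid signature, or fewer
// than Threshold distinct valid signers is an error, and the caller must treat
// it as an incident rather than load the artifact anyway.
func Verify(root TrustRoot, artifact []byte, sigs []Signature) error {
	if root.Threshold < 1 || len(root.Keys) < root.Threshold {
		return errors.New("trust root misconfigured")
	}
	digest := Digest(artifact)
	valid := map[string]bool{}
	for _, s := range sigs {
		pub, ok := root.Keys[s.KeyID]
		if !ok {
			// Keys carried inside the bundle are never consulted; accepting one
			// would be the trust-root substitution the mechanism text describes.
			return fmt.Errorf("signature from unpinned key %q", s.KeyID)
		}
		if !ed25519.Verify(pub, digest, s.Sig) {
			return fmt.Errorf("invalid signature from key %q", s.KeyID)
		}
		valid[s.KeyID] = true // the same key signing twice still counts once
	}
	if len(valid) < root.Threshold {
		return fmt.Errorf("%d distinct valid signers, %d required", len(valid), root.Threshold)
	}
	return nil
}

func main() {
	a, b, c := NewSigner("release-a"), NewSigner("release-b"), NewSigner("release-c")
	root := NewTrustRoot(2, a, b, c)
	model := []byte("constructed model weights")
	attacker := NewSigner("attacker") // key an attacker tries to introduce via the bundle

	cases := map[string][]Signature{
		"2-of-3 release":        {a.Sign(model), b.Sign(model)},
		"one stolen key":        {a.Sign(model)},
		"same key twice":        {a.Sign(model), a.Sign(model)},
		"attacker-supplied key": {a.Sign(model), attacker.Sign(model)},
	}
	for name, sigs := range cases {
		fmt.Printf("%-22s %v\n", name, Verify(root, model, sigs))
	}
	fmt.Printf("%-22s %v\n", "tampered bytes", Verify(root, []byte("trojaned weights"), cases["2-of-3 release"]))
}
```

The important design choice is that `Verify` returns an error for an unpinned key instead of ignoring that signature: silently skipping it would let a bundle pad its signature list with attacker keys, and logging the rejection gives the "verification failure alerting" control below something to fire on.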
Detection
- Key usage auditing: log every signing operation (key ID, calling identity, signed digest, originating build) and alert on any use that does not match an expected release pipeline run
- Multi-party signing: require signatures from multiple independently held keys for a model release, so a single stolen key cannot produce an acceptable signature
- Transparency logs (CT-style): an append-only public log of all signed artifacts, so a signature produced outside the normal process is visible to anyone auditing the log, including the key's rightful owner
- Verification failure alerting: treat any verification failure as a security incident, not a warning, and never fall back to loading the unverified artifact
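The first detection item, run over sample audit records, as an added example that is not part of the original page: it checks each signing event against who is allowed to use the key and against what the build system actually produced, so both a stolen key used from the wrong place and a legitimate key made to sign bytes no build emitted raise an alert. The `k=v` log format, the `ci-release` and `dev-laptop-17` principals, the build IDs and digests are all constructed for the example and do not correspond to any real HSM or signing service output.

```go
package main

import (
	"fmt"
	"strings"
)

// SigningEvent is one record from a constructed signing-service audit log.
type SigningEvent struct {
	Time      string
	KeyID     string
	Principal string // identity that invoked the signing operation
	Digest    string // digest that was signed
	Build     string // build run the caller claims produced the digest
}

// AuditPolicy states what an expected signing event looks like.
type AuditPolicy struct {
	AllowedPrincipals map[string][]string // key ID -> principals allowed to use that key
	BuiltDigests      map[string]string   // build ID -> digest the build system recorded
}

// SampleLog is constructed for this example in a hypothetical "k=v" line format.
// Lines 1-2 are a normal 2-key release; line 3 is the release key used from a
// developer laptop on bytes the build never produced; line 4 references a build
// with no record; line 5 is a truncated record.
var SampleLog = []string{
	"ts=2024-05-02T10:15:00Z key=release-a principal=ci-release digest=sha256:aaa build=build-1181",
	"ts=2024-05-02T10:15:01Z key=release-b principal=ci-release digest=sha256:aaa build=build-1181",
	"ts=2024-05-02T23:41:07Z key=release-a principal=dev-laptop-17 digest=sha256:bbb build=build-1181",
	"ts=2024-05-03T02:03:11Z key=release-a principal=ci-release digest=sha256:ccc build=build-9999",
	"ts=2024-05-03T02:04:00Z key=release-a",
}

// DefaultPolicy is the constructed policy under which only lines 1-2 are expected.
func DefaultPolicy() AuditPolicy {
	return AuditPolicy{
		AllowedPrincipals: map[string][]string{
			"release-a": {"ci-release"},
			"release-b": {"ci-release"},
		},
		BuiltDigests: map[string]string{"build-1181": "sha256:aaa"},
	}
}

// ParseLine parses one "k=v ..." audit line; every field is required.
func ParseLine(line string) (SigningEvent, error) {
	var ev SigningEvent
	for _, f := range strings.Fields(line) {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return ev, fmt.Errorf("malformed field %q", f)
		}
		switch kv[0] {
		case "ts":
			ev.Time = kv[1]
		case "key":
			ev.KeyID = kv[1]
		case "principal":
			ev.Principal = kv[1]
		case "digest":
			ev.Digest = kv[1]
		case "build":
			ev.Build = kv[1]
		default:
			return ev, fmt.Errorf("unknown field %q", kv[0])
		}
	}
	if ev.Time == "" || ev.KeyID == "" || ev.Principal == "" || ev.Digest == "" || ev.Build == "" {
		return ev, fmt.Errorf("incomplete event: %q", line)
	}
	return ev, nil
}

// Audit returns one alert per policy violation: the key was used by an identity
// that should not hold it, or it signed bytes the build system never produced.
// A record that cannot be parsed is itself an alert; an audit trail the detector
// silently skips over is not an audit trail.
func Audit(policy AuditPolicy, lines []string) []string {
	var alerts []string
	for _, line := range lines {
		ev, err := ParseLine(line)
		if err != nil {
			alerts = append(alerts, "unparseable audit record: "+err.Error())
			continue
		}
		if !contains(policy.AllowedPrincipals[ev.KeyID], ev.Principal) {
			alerts = append(alerts, fmt.Sprintf("%s key %s used by unexpected principal %s", ev.Time, ev.KeyID, ev.Principal))
		}
		want, ok := policy.BuiltDigests[ev.Build]
		switch {
		case !ok:
			alerts = append(alerts, fmt.Sprintf("%s key %s signed %s for unknown build %s", ev.Time, ev.KeyID, ev.Digest, ev.Build))
		case want != ev.Digest:
			alerts = append(alerts, fmt.Sprintf("%s key %s signed %s but build %s produced %s", ev.Time, ev.KeyID, ev.Digest, ev.Build, want))
		}
	}
	return alerts
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

func main() {
	for _, a := range Audit(DefaultPolicy(), SampleLog) {
		fmt.Println("ALERT", a)
	}
}
```

The digest cross-check is the part most deployments skip: principal allowlisting catches a key used from the wrong place, but a signing process manipulated inside the legitimate pipeline still shows the expected principal, and only comparing the signed digest with the build system's own record exposes it.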
Mitigation
HSM-backed signing keys with audit logging · HIGH
Multi-party signing (N-of-M threshold) · HIGH
Sigstore/Cosign integration for model artifacts · MEDIUM
Comprehensive artifact scope (sign every model, dataset, and pipeline artifact) · MEDIUM
Chaining
Artifact signature attacks are a force multiplier for all other T13 techniques: once the signing system is compromised, tampered artifacts carry valid signatures, so model distribution attacks are no longer detectable by signature verification alone. Key theft (T13-AP-012A) chains from T13-AT-004 (Dependency Confusion) through credential harvesting: a malicious package pulled in by dependency confusion runs inside the build environment and harvests the credentials that authorize use of the signing key.