Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims

Computer Science > Cryptography and Security [Submitted on 30 Mar 2026] Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims Zhuoran Tan, Jeremy Singer, Christos Anagnostopoulos Modern Large Language Model (LLM) systems are assembled from third-party artifacts such as pre-trained weights, fine-tuning adapters, datasets, dependency packages, and container images, fetched through automated pipelines. This speed comes with supply-chain risks, including compromised dependencies, malicious hub artifacts, unsafe deserialization, forged provenance, and backdoored models. A core gap is that training and release claims (e.g., data and code lineage, build environment, and security scanning results) are rarely cryptographically bound to the artifacts they describe, making enforcement inconsistent across teams and stages. We propose an attestation-aware promotion gate: before an artifact is admitted into trusted environments (training, fine-tuning, deployment), the gate verifies claim evidence, enforces safe loading and static scanning policies, and applies secure-by-default deployment constraints. When organizations operate runtime security tooling, the same gate can optionally ingest standardized dynamic signals via plugins to reduce uncertainty for high-risk artifacts. We outline a practical claims-to-controls mapping and an evaluation blueprint using representative supply-chain scenarios and operational metrics (coverage and decisions), charting a path toward a full research paper. Comments: This paper has been accepted at The 2nd International Workshop on Large Language Model Supply Chain Analysis (LLMSC 2026) Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2603.28988 [cs.CR]   (or arXiv:2603.28988v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.28988 Focus to learn more Submission history From: Zhuoran Tan [view email] [v1] Mon, 30 Mar 2026 20:37:48 UTC (131 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)