Model Supply Chain Scan
Palisade is an enterprise-grade security scanner for large language models and deep learning artifacts. It is designed to identify malicious or compromised models before they are deployed into production environments, where failures can be costly or irreversible.
While many model scanners focus narrowly on file structure or metadata, Palisade takes a broader approach. It combines fast static inspection with behavioral analysis and supply chain verification, allowing teams to detect backdoors, unsafe serialization, and provenance risks early in the deployment lifecycle.
Why Palisade?
Traditional model scanning tools are often too slow for modern workflows or miss entire classes of attacks that only surface during execution. Palisade is built specifically to address these gaps.
It is optimized for speed and scale, with a Rust-based core that can scan models with tens of billions of parameters on standard hardware without exceeding memory limits. This makes it practical to scan large models as part of everyday CI/CD pipelines rather than treating security checks as an offline or manual step.
Palisade also addresses the remote code execution risk that comes with unsafe serialization formats such as pickle. It detects malicious pickle payloads before an artifact is ever loaded, so a flagged model can be blocked from deployment rather than deserialized, closing off a class of supply-chain exploits that has repeatedly compromised ML systems.
Beyond static inspection, Palisade performs behavioral detection to identify fine-tuning–based attacks and hidden behaviors that cannot be caught through file analysis alone. This allows it to surface threats that would otherwise remain dormant until runtime.
Most model scanners are slow or miss behavioral exploits. Palisade is different:
Blazing Fast: Powered by a Rust core, capable of scanning 70B+ parameter models on standard hardware without OOM.
Blocks Pickle RCE: Detects malicious pickle payloads before an artifact is loaded, so they can be blocked instead of deserialized.
Native CI/CD Integration: Built for pipelines; gate deployments on the scanner's exit code.
Behavioral Detection: Catches fine-tuning attacks that static analysis misses.
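The pickle point above (inspect the stream, never unpickle it) and the exit-code gate are easiest to see in code. The following is an added example, not Palisade's code or its rule set: it walks a pickle opcode stream with the standard library's pickletools, flags any GLOBAL/STACK_GLOBAL reference outside an illustrative allowlist, treats a truncated stream as a finding rather than a clean result, and maps the findings to an exit code a pipeline can gate on. The allowlist entries and the malicious payloads are constructed for the demonstration and nothing here calls pickle.loads.

```python
"""Static pickle inspection: walk the opcode stream with pickletools, never unpickle.

Added example, not Palisade's code. The allowlist is an illustrative subset and
the payloads below are constructed inline; nothing here calls pickle.loads."""
import collections
import pickle
import pickletools
import sys

# Illustrative allowlist of globals a PyTorch checkpoint legitimately references.
# A production scanner ships a longer curated list; anything outside it is flagged.
SAFE_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
    "torch.HalfStorage",
    "torch.BFloat16Storage",
    "torch.LongStorage",
}

def scan_pickle(data: bytes) -> list[dict]:
    """Return findings for a pickle byte stream without executing any of it.

    GLOBAL/INST (protocol 0-3) carry "module name" as their argument. STACK_GLOBAL
    (protocol 4+) takes module and name from the two most recently pushed string
    constants, which this tracks with a small string stack (a simplification that
    holds for streams written by the standard pickler).
    """
    findings = []
    strings = []  # recent string constants pushed onto the virtual pickle stack
    try:
        for opcode, arg, pos in pickletools.genops(data):
            ref = None
            if opcode.name in ("GLOBAL", "INST"):
                module, name = arg.split(" ", 1)
                ref = f"{module}.{name}"
            elif opcode.name == "STACK_GLOBAL":
                if len(strings) < 2:
                    findings.append({"pos": pos, "rule": "malformed",
                                     "detail": "STACK_GLOBAL without module/name"})
                    continue
                ref = f"{strings[-2]}.{strings[-1]}"
                del strings[-2:]
            elif isinstance(arg, str):
                strings.append(arg)
            if ref is not None and ref not in SAFE_GLOBALS:
                # Any callable outside the allowlist can be invoked by a later
                # REDUCE/BUILD/NEWOBJ; os.system, subprocess.Popen and
                # builtins.eval are the classic payloads.
                findings.append({"pos": pos, "rule": "unsafe-global", "detail": ref})
    except ValueError as exc:
        # Truncated or corrupt stream: report it rather than declaring it clean.
        findings.append({"pos": len(data), "rule": "malformed", "detail": str(exc)})
    return findings

def exit_code(findings: list[dict]) -> int:
    """Map findings to a CI gate: 0 clean, 1 unsafe global (block), 2 malformed."""
    rules = {f["rule"] for f in findings}
    if "unsafe-global" in rules:
        return 1
    if "malformed" in rules:
        return 2
    return 0

# Constructed payloads for the demonstration (never passed to pickle.loads):
# protocol 0: GLOBAL os.system, MARK, STRING, TUPLE, REDUCE, STOP
MALICIOUS_P0 = b"cos\nsystem\n(S'echo pwned'\ntR."
# protocol 4: PROTO, SHORT_BINUNICODE 'os', 'system', STACK_GLOBAL, arg, TUPLE1, REDUCE, STOP
MALICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x0aecho pwned\x85R."
# Constructed benign checkpoint-like object; pickle.dumps only serializes it.
BENIGN = pickle.dumps({"w": [0.1, 0.2], "layers": collections.OrderedDict(a=1)}, protocol=4)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else MALICIOUS_P0
    result = scan_pickle(blob)
    for f in result:
        print(f"{f['rule']} at byte {f['pos']}: {f['detail']}")
    sys.exit(exit_code(result))
```

Run it with a checkpoint path as the argument and the process exit status is the gate: a non-zero status fails the pipeline stage before anything downstream deserializes the file. Note that the allowlist approach is deliberately conservative; a reference that is unknown but harmless is still blocked and has to be reviewed and added to the list.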
Supply Chain Verification
Palisade provides first-class support for model supply chain integrity, helping teams answer critical trust questions about the models they deploy.
Sigstore Signature Verification:
It verifies cryptographic signatures using Sigstore, so teams can confirm which identity signed a model and whether that identity is one they trust. Used as a gate, this keeps unsigned or tampered artifacts out of production environments.
Answers: "Who signed this model?" — Validates cryptographic signatures to ensure the model came from a trusted source.
SLSA Provenance Verification:
Palisade also validates SLSA provenance attestations, which record how a model was built: which builder produced it, from what inputs, and the digest of the resulting artifact. Checking an attestation against the artifact and an approved-builder list answers whether the model followed an approved build process, and flags models that came from an unapproved pipeline or were modified after the attested build.
Answers: "How was this model built?" — Validates build attestations to ensure supply chain integrity.
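To make the SLSA check concrete, here is an added example (not Palisade's code) of the content checks on a SLSA v1 provenance statement: the in-toto statement type and predicate type, the subject digest against the local artifact bytes, the builder id against an approved list, and the buildType against the expected process. The builder id, build type, artifact bytes and the statement itself are constructed for the demonstration. A real pipeline first verifies the DSSE envelope signature around the statement (for example with Sigstore); these checks assume that step has already passed.

```python
"""Content checks for a SLSA v1 provenance statement bound to a model artifact.

Added example, not Palisade's code. The statement, builder id, build type and
artifact bytes are constructed here. A real pipeline first verifies the DSSE
envelope signature around the statement (for example with Sigstore); these
checks assume that step already passed."""
import hashlib
import json

IN_TOTO_STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"

# Assumed identifiers for the demonstration, not real builders or build types.
TRUSTED_BUILDERS = {"https://example.invalid/builders/model-trainer@v1"}
EXPECTED_BUILD_TYPE = "https://example.invalid/buildtypes/finetune@v1"
MODEL_NAME = "model.safetensors"
MODEL_BYTES = b"constructed stand-in for the bytes of model.safetensors"

def verify_provenance(statement: dict, artifact_name: str, artifact: bytes,
                      trusted_builders: set[str], expected_build_type: str) -> list[str]:
    """Return the problems found; an empty list means the artifact is attested as expected."""
    problems = []
    if statement.get("_type") != IN_TOTO_STATEMENT_V1:
        problems.append(f"unexpected statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        problems.append(f"unexpected predicate type {statement.get('predicateType')!r}")
    # The subject binds the attestation to one artifact by digest: a model that
    # was edited after the build no longer matches and is rejected here.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = [s for s in statement.get("subject", []) if s.get("name") == artifact_name]
    if not subjects:
        problems.append(f"no subject named {artifact_name!r}")
    elif subjects[0].get("digest", {}).get("sha256") != digest:
        problems.append("subject digest does not match the artifact")
    predicate = statement.get("predicate", {})
    # runDetails.builder.id answers "who built it"; only approved pipelines pass.
    builder = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in trusted_builders:
        problems.append(f"builder {builder!r} is not an approved build pipeline")
    # buildDefinition.buildType answers "how": the recipe the builder followed.
    build_type = predicate.get("buildDefinition", {}).get("buildType")
    if build_type != expected_build_type:
        problems.append(f"buildType {build_type!r} is not the approved process")
    return problems

def make_statement(artifact: bytes, builder_id: str) -> dict:
    """Construct the statement a builder would emit for `artifact` (demonstration data)."""
    return {
        "_type": IN_TOTO_STATEMENT_V1,
        "subject": [{"name": MODEL_NAME,
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": SLSA_PROVENANCE_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": EXPECTED_BUILD_TYPE,
                "externalParameters": {"baseModel": "org/base-model",
                                       "dataset": "org/finetune-set"},
                "resolvedDependencies": [{"uri": "git+https://example.invalid/org/train",
                                          "digest": {"gitCommit": "0" * 40}}],
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }

if __name__ == "__main__":
    stmt = make_statement(MODEL_BYTES, next(iter(TRUSTED_BUILDERS)))
    # Round-trip through JSON, as the statement would arrive from a registry.
    stmt = json.loads(json.dumps(stmt))
    print(verify_provenance(stmt, MODEL_NAME, MODEL_BYTES,
                            TRUSTED_BUILDERS, EXPECTED_BUILD_TYPE) or "attested")
```

The order of checks matters in practice: the digest comparison is what ties the attestation to the bytes on disk, so a statement that is valid for some other artifact, or for an earlier version of this one, fails there even when the builder and build type look right.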
Provenance Tracking & ML-BOM:
To support long-term governance and auditing, Palisade discovers and tracks all available provenance information and generates a complete ML Bill of Materials (ML-BOM). This inventory provides visibility into model lineage, dependencies, and associated artifacts, supporting compliance and incident response workflows.
Answers: "What provenance exists?" — Discovers all provenance documentation and generates ML-BOM inventory.
Standards & Compatibility
Palisade is designed to align with Coalition for Secure AI (CoSAI) standards, ensuring compatibility with emerging best practices for AI and model supply chain security. Scan results can be emitted in multiple output formats, including JSON for programmatic consumption and SARIF for integration with existing security tooling and dashboards.
CoSAI Alignment: Designed to align with the Coalition for Secure AI (CoSAI) standards for software supply chain security.
Multiple Output Formats: Supports JSON and SARIF.
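For teams wiring scan results into existing dashboards, the shape of a minimal SARIF 2.1.0 log is the practical question. The following is an added example, not Palisade's output format or code: it converts a list of constructed findings into a SARIF log with a deduplicated rule table, severity mapped to SARIF levels, and a stable partial fingerprint per (artifact, rule) so a dashboard keeps one alert across repeated scans. The finding fields, rule ids and tool name are assumptions for the demonstration.

```python
"""Emit scan findings as a SARIF 2.1.0 log for code-scanning dashboards.

Added example, not Palisade's output or code; the findings are constructed."""
import hashlib
import json

SARIF_LEVEL = {"high": "error", "medium": "warning", "low": "note"}

def to_sarif(findings: list[dict], tool_name: str, tool_version: str) -> dict:
    """findings: dicts with artifact, rule, severity and message keys (assumed layout)."""
    rules, results = {}, []
    for f in findings:
        rules.setdefault(f["rule"], {"id": f["rule"], "shortDescription": {"text": f["rule"]}})
        # Stable fingerprint so a dashboard keeps one alert per (artifact, rule)
        # across repeated scans instead of opening a new alert every run.
        fingerprint = hashlib.sha256(f"{f['artifact']}|{f['rule']}".encode()).hexdigest()
        results.append({
            "ruleId": f["rule"],
            "level": SARIF_LEVEL[f["severity"]],
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["artifact"]}}}],
            "partialFingerprints": {"artifactRule/v1": fingerprint},
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }

def error_count(sarif: dict) -> int:
    """Number of error-level results across all runs (what a gate would act on)."""
    return sum(1 for run in sarif["runs"] for r in run["results"] if r["level"] == "error")

# Constructed findings as a scanner might produce them for one checkpoint.
FINDINGS = [
    {"artifact": "checkpoints/model.bin", "rule": "unsafe-global", "severity": "high",
     "message": "pickle references os.system"},
    {"artifact": "checkpoints/model.bin", "rule": "unsigned-artifact", "severity": "medium",
     "message": "no Sigstore signature found"},
    {"artifact": "checkpoints/model.bin", "rule": "unsafe-global", "severity": "high",
     "message": "pickle references builtins.eval"},
]

if __name__ == "__main__":
    log = to_sarif(FINDINGS, "example-scanner", "0.0")
    print(json.dumps(log, indent=2))
```

Every result must name a rule that appears in the driver's rule table, which is why the table is built from the findings rather than hard-coded; dashboards reject logs where the two disagree.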