Cloudsmith enhances governance for AI/ML models with new registry

In a pivotal development, Cloudsmith, the prominent cloud-native artifact management platform, has unveiled its ML Model Registry. This innovation brings robust governance and security to the forefront of managing machine learning (ML) models and datasets, which are the pillars of contemporary software.

The surge in enterprise ML adoption has unveiled challenges including model sprawl, compliance uncertainty, and security threats. Examples such as backdoored models on platforms like Hugging Face and GitHub highlight the ease with which malicious components can infiltrate production environments if left unchecked. Cloudsmith’s latest offering empowers organisations to implement the same meticulousness and policies reserved for software packages and containers to ML assets, enhancing workflow security and reliability.

The Cloudsmith ML Model Registry seamlessly integrates with the Hugging Face Hub and SDK, allowing teams to manage models and datasets with familiar tools, whilst achieving centralised control, compliance, and oversight. Public models and datasets can be proxied and cached from Hugging Face into Cloudsmith. Here, security and compliance data are accessible to the Enterprise Policy Management (EPM) system, aiding organisations in implementing coherent policies before models progress to development or production.

Alison Sickelka, VP of Product at Cloudsmith, noted how the swift adoption of AI/ML is reshaping enterprise software. However, many organisations still struggle with model and dataset governance. The advent of this new registry brings enterprise-grade controls, traceability, and security to AI/ML assets, akin to those used in traditional software supply chains.

Highlighted Capabilities:

• Unified Artifact Management: Consolidate ML models and datasets with containers and language-specific packages in a singular, secure registry.
• Hugging Face SDK Compatibility: Retain familiar workflows while interacting with models, maintaining developer efficiency.
• Proxy and Cache Open Source Models: Securely integrate models from Hugging Face with enforced enterprise policies.
• Secure Model Delivery: Enable policy-based approval or blocking of models through visible security signals in EPM.
• Integrated CI/CD for Models: Harmoniously integrate with existing pipelines for training, validation, and deployment.

In providing this comprehensive lifecycle visibility, Cloudsmith ensures teams can manage their AI/ML models from inception to deployment, safeguarding integrity, compliance, and performance throughout the process. This release marks a significant step forward in the governance and security of AI/ML assets in the modern enterprise.