
👋 Welcome to AICert!

Making AI Traceable and Transparent

📜 What is AICert?

🛠️ AICert aims to make AI traceable and transparent by enabling AI builders to create certificates with cryptographic proofs binding the weights to the training data and code. AI builders can be foundational model providers or companies that fine-tune the foundational models to their needs.

👩‍💻 End users are the final consumers of the AI builders’ models. They can verify these AI certificates to have proof that the model they talk to comes from a specific training set and code, which helps alleviate copyright, security and safety issues.

We leverage Trusted Platform Modules (TPMs) to attest the whole stack used for producing the model, from the UEFI, through the OS, all the way to the code and data.

Measuring the software stack, training code and inputs and binding them to the final weights allows the derivation of certificates that contain irrefutable proof of model provenance.
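
To illustrate how a chain of measurements can bind code, data and weights to one attested value, the following added example (not AICert's code or certificate format) replays a hash-extend log the way TPM PCRs accumulate measurements. The log layout, entry names and sample inputs are assumptions, and checking the TPM's signature over the quoted value is out of scope here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of a SHA-256 PCR bank entry


def measure(data: bytes) -> bytes:
    """Digest of one input (code, dataset or weights)."""
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + measurement).digest()


def replay(event_log) -> bytes:
    """Recompute the PCR value an event log should produce, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, quoted_pcr: bytes, expected: dict) -> list:
    """Return a list of problems; an empty list means the log replays to the
    quoted value and every reviewed input has the digest the verifier expects."""
    problems = []
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        problems.append("event log does not replay to the quoted PCR")
    logged = dict(event_log)
    for name, digest in expected.items():
        if logged.get(name) != digest:
            problems.append(f"unexpected or missing measurement: {name}")
    return problems


# Constructed sample inputs (placeholders for real code, dataset and weights).
SAMPLE_LOG = [
    ("training_code", measure(b"print('train')")),
    ("dataset", measure(b"row1\nrow2\n")),
    ("weights", measure(b"\x00\x01\x02\x03")),
]
# Stands in for a PCR value reported in a TPM-signed quote (assumption).
SAMPLE_QUOTE = replay(SAMPLE_LOG)

if __name__ == "__main__":
    reviewed = {"training_code": SAMPLE_LOG[0][1], "dataset": SAMPLE_LOG[1][1]}
    print(verify(SAMPLE_LOG, SAMPLE_QUOTE, reviewed))
```

Because each extend hashes the previous value, changing, dropping or reordering any entry changes the final value, so a log that replays to the quoted value fixes exactly which code and data produced the logged weights.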

✅ Use cases

AICert addresses some of the most urgent concerns related to AI provenance. It allows AI builders to:

  • Prove their AI model was not trained on copyrighted, biased or non-consensual PII data
  • Provide an AI Bill of Material about the data and code used, which makes it harder to poison the model by injecting backdoors in the weights
  • Provide a strong audit trail with irrefutable proof for compliance and transparency


AICert is still under development. Do not use it in production!

If you want to contribute to this project, do not hesitate to raise an issue.

Features

  • AI model traceability: create AI model ID cards that provide cryptographic proof binding model weights to a specific training set and code
  • Non-forgeable proofs: leverage TPMs to ensure non-forgeable AI model ID cards
  • Flexible training: use your preferred tooling for training
  • No slowdown induced during training
  • Azure support

Coming soon:

  • Benchmark linking: provide cryptographic binding of model weights to specific benchmarks that were run for this specific model
  • Multi-Cloud support with AWS and GCP coverage
  • Single and multi-GPU support

🚀 Getting started

⚠️ Limitations

While we provide traceability and ensure that a given set of weights comes from applying a specific training code on a specific dataset, there are still challenges to solve:

  • The training code and data have to be inspected. AICert does not audit the code or input data for threats, such as backdoors injected into a model by the code or poisonous data. It will simply allow us to prove model provenance. It is up to the AI community or end-user to inspect or prove the trustworthiness of the code and data.
  • AICert itself has to be inspected, all the way from the OS we choose to the HTTP server and the app we provide to run the code on the training data.

We are well aware that AICert is not a silver bullet: a fully trustworthy process requires scrutiny of both our code and the code and data of the AI builder.

However, by combining both, one can have a solid foundation for the AI supply chain.

🙋 Getting help

  • Go to our Discord #support channel

🔒 Who made AICert?

AICert was developed by Mithril Security. Mithril Security is a startup focused on AI privacy solutions based on Confidential Computing technologies. We provide several open-source tools for querying and deploying AI solutions to improve AI providers' security posture and compliance.