Securing the AI supply chain · live backend
Sovereign Frontier is the platform for securing the AI supply chain — a cryptographically attested commons for dual-use open AI. Eight categories of artifacts move through three states — Quarantine → Hardened → Sealed — every claim backed by a signature you can check, in one transparency log.
Quarantine: listed from the publisher's own published hashes, or closed/gated models we can't independently check. The starting state for everything here.
Hardened: we downloaded the weights and checked their SHA-256 ourselves, plus a supply-chain scan mapped to NIST AI RMF / COSAIS, all signed by our own key.
Sealed: domain attestation by external bodies (NIST, FDA, MITRE…) signing with their own keys. Retired until real reviewers sign; never claimed without receipts.
How it works
Every model in the registry carries a signed attestation you can independently verify. No blind trust required.
Every attested model in the registry, ranked by signed, reproducible benchmark scores. Filter by task (coding, reasoning, vision), parameter count, license, or hardening tier.
Every model ships with a signed AIEM envelope anchored to the Rekor transparency log. Re-check the signatures and the Merkle inclusion proofs yourself, in your browser or with one CLI command.
Pull verified weights with one command. Deploy to cloud, on-prem, or air-gapped edge with a signed provenance bundle attached — no call-home, no single point of trust.
Browse the commons
Each category is a separate signing scope with its own SOTA leaderboard and hardening harness. All eight interoperate through the shared provenance DAG.
Start here
Three on-ramps depending on your role. Every path ends at the same cryptographic foundation.
Pull signed weights and verify the provenance chain end-to-end — against a transparency log you can check yourself, without trusting this host.
Stand up a local mirror, load the air-gap bundle, and integrate with on-premises systems — no call-home, no single point of trust. Verified attestation chains work fully offline.
Bring your model, dataset, or tool into the commons. One CLI command mints an AIEM envelope, runs the scan harness, and anchors the attestation in the transparency log.
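The inclusion check that the envelope card under "How it works" and the first on-ramp above both describe, written out as an added example. This is not Sovereign Frontier's or Sigstore's code: it implements the RFC 6962 / RFC 9162 Merkle hashing and the client-side proof verification that Rekor's log format is built on, run over a constructed seven-entry log whose entries stand in for envelope records. It assumes the root hash has already been taken from a tree head whose signature you verified separately; checking that signature is outside this block.

```python
"""Inclusion-proof verification for an RFC 6962 / RFC 9162 Merkle log.

Added example, not the platform's own code. The LOG entries below are
constructed placeholders standing in for envelope records, not real data.
"""
import hashlib


def leaf_hash(entry: bytes) -> bytes:
    # Leaves are hashed with a 0x00 prefix ...
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    # ... and interior nodes with 0x01, so a leaf can never be passed off as a
    # node (or vice versa) when forging a proof.
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_head(entries: list) -> bytes:
    """Merkle Tree Hash (the root) over the given log prefix."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split_point(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))


def inclusion_proof(index: int, entries: list) -> list:
    """Sibling hashes from the leaf up to the root (what a log server hands back)."""
    if len(entries) == 1:
        return []
    k = _split_point(len(entries))
    if index < k:
        return inclusion_proof(index, entries[:k]) + [tree_head(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [tree_head(entries[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     proof: list, root: bytes) -> bool:
    """Client-side check per RFC 9162 section 2.1.3.2.

    `leaf` is the already-hashed leaf and `root` the hash from a signed tree
    head. Any inconsistency returns False rather than raising, so a caller can
    treat "not proven" uniformly.
    """
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf
    for sibling in proof:
        if sn == 0:
            return False  # more siblings than the tree has levels
        if fn & 1 or fn == sn:
            r = node_hash(sibling, r)  # we are the right child
            if not fn & 1:
                # Last node of an incomplete level: skip levels with no sibling.
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, sibling)  # we are the left child
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed log entries (placeholders for envelope records).
LOG = [f'{{"artifact":"model-{i}","sha256":"{i:064x}"}}'.encode() for i in range(7)]


def check_every_entry(entries: list) -> bool:
    """Every entry of every prefix verifies against that prefix's root
    (the log is append-only, so older roots stay checkable)."""
    for size in range(1, len(entries) + 1):
        prefix = entries[:size]
        root = tree_head(prefix)
        for i, entry in enumerate(prefix):
            if not verify_inclusion(leaf_hash(entry), i, size,
                                    inclusion_proof(i, prefix), root):
                return False
    return True


def tampered_entry_fails(entries: list) -> bool:
    """A modified entry must not verify with the genuine proof and root."""
    root = tree_head(entries)
    forged = leaf_hash(entries[3] + b" ")
    return not verify_inclusion(forged, 3, len(entries), inclusion_proof(3, entries), root)


if __name__ == "__main__":
    print("all entries verify:", check_every_entry(LOG))
    print("tampered entry rejected:", tampered_entry_fails(LOG))
```

The two prefixes in `node_hash` and `leaf_hash` are the part people most often get wrong when hand-rolling a verifier; without them an attacker who controls one log entry can craft it to hash like an interior node and prove inclusion of data that was never logged.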
Attestation pipeline
Every model enters through quarantine. It promotes to hardened only when Sovereign Frontier has independently downloaded the weights, verified their SHA-256 against the publisher's git-LFS hashes, and run a static supply-chain scan — all signed by our own key and mapped to NIST AI RMF, COSAIS (SP 800-53 overlays), and the CAISI agent-security RFI. No third-party witness quorum is claimed until real reviewers sign.
Quarantine: models known only from the publisher's published hashes, closed-weight models with no public artifact, or gated repos we cannot read. Amber tier.
Hardened: weights we downloaded and SHA-256–verified ourselves, with a static supply-chain scan (serialization safety, load-time code execution) signed by our key. Teal tier.
Sealed: independent third-party domain attestation. Retired until real reviewers (NIST, FDA, MITRE, …) sign with their own keys. Not currently claimed.
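The two quarantine-to-hardened checks described above, as an added example rather than the platform's own scan harness: (1) the downloaded blob's size and SHA-256 are compared against the publisher's git-LFS pointer, and (2) a pickle-serialized checkpoint is scanned statically, without loading it, for imports that would execute code at load time. The `ALLOWED_IMPORTS` list, the checkpoint blobs and the pointer text are constructed for the example; a real scanner would carry a reviewed allowlist and also cover other serialization formats.

```python
"""Quarantine -> Hardened gate for a downloaded checkpoint (added example).

Not Sovereign Frontier's scanner. All blobs and the pointer text are constructed.
"""
import hashlib
import hmac
import pickle
import pickletools
import re

# Illustrative allowlist (assumed): what a plain torch checkpoint legitimately
# references. Anything else counts as a load-time code-execution finding.
ALLOWED_IMPORTS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}


def parse_lfs_pointer(text: str) -> dict:
    """Parse a git-LFS v1 pointer: 'version ...', 'oid sha256:<hex>', 'size <bytes>'."""
    fields = dict(line.split(" ", 1) for line in text.strip().splitlines())
    if fields.get("version") != "https://git-lfs.github.com/spec/v1":
        raise ValueError("not a git-LFS v1 pointer")
    algo, _, digest = fields["oid"].partition(":")
    if algo != "sha256" or not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("pointer oid is not a sha256 digest")
    return {"sha256": digest, "size": int(fields["size"])}


def blob_matches_pointer(blob: bytes, pointer: dict) -> bool:
    """Cheap size check first, then a constant-time compare of the hex digests."""
    if len(blob) != pointer["size"]:
        return False
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), pointer["sha256"])


def pickle_imports(blob: bytes) -> list:
    """List every (pos, module, name) the pickle would import, without loading it.

    GLOBAL carries both names in its argument; STACK_GLOBAL takes them from the
    two strings pushed just before it, so recent string arguments are tracked.
    Names that cannot be resolved this way (e.g. pushed via memo GETs) are
    reported as '?' so they fail the allowlist rather than slip through.
    """
    imports, recent = [], []
    for op, arg, pos in pickletools.genops(blob):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            imports.append((pos, module, name))
        elif op.name == "STACK_GLOBAL":
            pair = tuple(recent[-2:]) if len(recent) >= 2 else ("?", "?")
            imports.append((pos,) + pair)
        if isinstance(arg, str):
            recent = (recent + [arg])[-2:]
    return imports


def scan_pickle(blob: bytes) -> list:
    """Findings: imports outside the allowlist, or a stream that will not parse."""
    try:
        found = pickle_imports(blob)
    except ValueError as exc:
        return [(-1, "?", f"unparseable pickle: {exc}")]
    return [f for f in found if (f[1], f[2]) not in ALLOWED_IMPORTS]


def assess(blob: bytes, pointer_text: str) -> dict:
    """Promotion requires the hash to match AND the static scan to be clean."""
    hash_ok = blob_matches_pointer(blob, parse_lfs_pointer(pointer_text))
    findings = scan_pickle(blob)
    return {"hash_ok": hash_ok, "findings": findings, "promote": hash_ok and not findings}


# --- constructed inputs -----------------------------------------------------
BENIGN_BLOB = pickle.dumps({"layer.weight": [0.1, 0.2, 0.3]}, protocol=2)
POINTER_TEXT = (
    "version https://git-lfs.github.com/spec/v1\n"
    f"oid sha256:{hashlib.sha256(BENIGN_BLOB).hexdigest()}\n"
    f"size {len(BENIGN_BLOB)}\n"
)
# Protocol-0 payload: GLOBAL os.system then REDUCE, i.e. a command runs on load.
HOSTILE_PROTO0 = b"cos\nsystem\n(S'echo pwned'\ntR."
# Same effect in protocol 4, where the import is assembled via STACK_GLOBAL.
HOSTILE_PROTO4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x02id\x85R."

if __name__ == "__main__":
    print(assess(BENIGN_BLOB, POINTER_TEXT))
    print(scan_pickle(HOSTILE_PROTO0), scan_pickle(HOSTILE_PROTO4))
```

The scan never calls `pickle.load`; `pickletools.genops` only decodes opcodes, which is what makes it safe to run on weights that are still in quarantine. The allowlist approach is deliberate: flagging `REDUCE` alone would reject every legitimate torch checkpoint, while flagging only `os.system` would miss the many other importable callables a hostile pickle can reach.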