
Securing AI supply chains: Cohere’s commitment to model signing

https://cohere.com/blog/securing-ai-supply-chains-coheres-commitment-to-model-signing (cohere.com)
The AI supply chain is vulnerable to security threats, as models from open source hubs can be tampered with or contain malicious code. To address this, cryptographic signing verifies a model's authenticity and integrity, ensuring it hasn't been altered. Cohere is now signing all its models using the Sigstore standard, an open-source framework for software supply chain security. Users can use Cohere's public key to confirm that the models they download are genuine and secure.
0 points by chrisf 9 hours ago
