CISCO has released an open source tool called Model Provenance Kit to help organisations manage risks around third‑party AI models, including poisoned or vulnerable models and regulatory and supply chain issues. The Python‑based toolkit and command‑line interface generate a fingerprint for each model using metadata signals, tokenizer similarity, and weight‑level identity signals such as embedding geometry and normalization layers.
It offers two modes: compare, to identify shared lineage between two models, and scan, to find the closest lineage for a given model by matching fingerprints against a Cisco‑compiled database. The model provenance project aims to provide an evidence‑based approach to tracing origins as models are continually fine‑tuned and repackaged. The open source Model Provenance Kit is available on GitHub, with Cisco’s dataset of base model fingerprints hosted on Hugging Face.
According to Cisco, the kit addresses licensing, regulatory, and incident response challenges associated with AI models and helps improve supply chain integrity. May 1, 2026.