{"id":"https://openalex.org/W7147431750","doi":"https://doi.org/10.48550/arxiv.2603.28988","title":"Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims","display_name":"Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims","publication_year":2026,"publication_date":"2026-03-30","ids":{"openalex":"https://openalex.org/W7147431750","doi":"https://doi.org/10.48550/arxiv.2603.28988"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.28988","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28988","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.28988","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132557723","display_name":"Zhuoran Tan","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Tan, Zhuoran","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064718447","display_name":"Jeremy Singer","orcid":"https://orcid.org/0000-0001-9462-6802"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Singer, Jeremy","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132665310","display_name":"Christos Anagnostopoulos","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anagnostopoulos, Christos","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5132557723"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.5889000296592712,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.5889000296592712,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.10189999639987946,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11948","display_name":"Machine Learning in Materials Science","score":0.04039999842643738,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6039999723434448},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.5482000112533569},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.5282999873161316},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5185999870300293},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.5091999769210815},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.5029000043869019},{"id":"https://openalex.org/keywords/blueprint","display_name":"Blueprint","score":0.48559999465942383},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.40119999647140503},{"id":"https://openalex.org/keywords/training","display_name":"Training (meteorology)","score":0.39980000257492065},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.3801000118255615}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7127000093460083},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.616599977016449},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6039999723434448},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.5482000112533569},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.5282999873161316},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5185999870300293},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.5091999769210815},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.5029000043869019},{"id":"https://openalex.org/C155911762","wikidata":"https://www.wikidata.org/wiki/Q422321","display_name":"Blueprint","level":2,"score":0.48559999465942383},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4074000120162964},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.40119999647140503},{"id":"https://openalex.org/C2777211547","wikidata":"https://www.wikidata.org/wiki/Q17141490","display_name":"Training (meteorology)","level":2,"score":0.39980000257492065},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.3801000118255615},{"id":"https://openalex.org/C98147612","wikidata":"https://www.wikidata.org/wiki/Q215599","display_name":"Promotion (chess)","level":3,"score":0.3763999938964844},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.36419999599456787},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.36230000853538513},{"id":"https://openalex.org/C122783720","wikidata":"https://www.wikidata.org/wiki/Q183065","display_name":"Interpreter","level":2,"score":0.3449000120162964},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.32899999618530273},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.32679998874664307},{"id":"https://openalex.org/C110406131","wikidata":"https://www.wikidata.org/wiki/Q41349","display_name":"Smart card","level":2,"score":0.3005000054836273},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.2989000082015991},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.29589998722076416},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.29280000925064087},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.2833999991416931},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C108087509","wikidata":"https://www.wikidata.org/wiki/Q1207171","display_name":"ATM card","level":3,"score":0.28029999136924744},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.267300009727478},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.26269999146461487},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.2563000023365021},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.25619998574256897},{"id":"https://openalex.org/C546215728","wikidata":"https://www.wikidata.org/wiki/Q39531","display_name":"Bluetooth","level":3,"score":0.2524000108242035},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.28988","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28988","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.28988","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28988","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"Large":[1],"Language":[2],"Model":[3],"(LLM)":[4],"systems":[5],"are":[6,66],"assembled":[7],"from":[8],"third-party":[9],"artifacts":[10,72],"such":[11],"as":[12],"pre-trained":[13],"weights,":[14],"fine-tuning":[15],"adapters,":[16],"datasets,":[17],"dependency":[18],"packages,":[19],"and":[20,43,52,57,62,80,107,111,145,153,157],"container":[21],"images,":[22],"fetched":[23],"through":[24],"automated":[25],"pipelines.":[26],"This":[27],"speed":[28],"comes":[29],"with":[30],"supply-chain":[31,151],"risks,":[32],"including":[33],"compromised":[34],"dependencies,":[35],"malicious":[36],"hub":[37],"artifacts,":[38],"unsafe":[39],"deserialization,":[40],"forged":[41],"provenance,":[42],"backdoored":[44],"models.":[45],"A":[46],"core":[47],"gap":[48],"is":[49,91],"that":[50],"training":[51],"release":[53],"claims":[54],"(e.g.,":[55],"data":[56],"code":[58],"lineage,":[59],"build":[60],"environment,":[61],"security":[63,120],"scanning":[64,109],"results)":[65],"rarely":[67],"cryptographically":[68],"bound":[69],"to":[70,133],"the":[71,99,122],"they":[73],"describe,":[74],"making":[75],"enforcement":[76],"inconsistent":[77],"across":[78],"teams":[79],"stages.":[81],"We":[82,139],"propose":[83],"an":[84,89,146],"attestation-aware":[85],"promotion":[86],"gate:":[87],"before":[88],"artifact":[90],"admitted":[92],"into":[93],"trusted":[94],"environments":[95],"(training,":[96],"fine-tuning,":[97],"deployment),":[98],"gate":[100,124],"verifies":[101],"claim":[102],"evidence,":[103],"enforces":[104],"safe":[105],"loading":[106],"static":[108],"policies,":[110],"applies":[112],"secure-by-default":[113],"deployment":[114],"constraints.":[115],"When":[116],"organizations":[117],"operate":[118],"runtime":[119],"tooling,":[121],"same":[123],"can":[125],"optionally":[126],"ingest":[127],"standardized":[128],"dynamic":[129],"signals":[130],"via":[131],"plugins":[132],"reduce":[134],"uncertainty":[135],"for":[136],"high-risk":[137],"artifacts.":[138],"outline":[140],"a":[141,160,163],"practical":[142],"claims-to-controls":[143],"mapping":[144],"evaluation":[147],"blueprint":[148],"using":[149],"representative":[150],"scenarios":[152],"operational":[154],"metrics":[155],"(coverage":[156],"decisions),":[158],"charting":[159],"path":[161],"toward":[162],"full":[164],"research":[165],"paper.":[166]},"counts_by_year":[],"updated_date":"2026-04-02T13:53:19.096889","created_date":"2026-04-02T00:00:00"}