How Provenance Enables Responsible Open-Source AI Governance

The rapid growth of open-source and open-weight AI models have fundamentally changed how organizations can develop and deploy AI. This expansion has unlocked greater flexibility, faster innovation, and the ability to tailor models for specialized or sensitive environments.

At the same time, they have introduced new challenges — many AI systems are now built on complex, layered supply chains that are increasingly difficult to understand and control.

As models are fine-tuned and combined across teams and organizations, questions about origin, training data, and licensing move from being theoretical concerns to operational risks. For compliance teams, the lack of visibility into how a model was built or what obligations it carries could undermine compliance, resilience, and user trust.

In this article, we will discuss why AI model provenance traceability should no longer be optional in an era of open-source AI models. Provenance helps organizations manage risk at scale, providing critical transparency and accountability for adopting open-source AI safety as the ecosystem continues to grow.

/en_us/blog/fragments/perspectives-by-splunk-newsletter

Why Security Teams are Shifting to Open-Source AI for Control and Transparency

Open-source AI security models are a strategic imperative for the resilience, transparency, and innovation that modern security demands. In real-world cybersecurity operations, complexity is the rule, not the exception. Modern workflows are chaining together multiple large language models (LLMs) for tasks such as planning, summarizing, and generating recommendations.

Open-source and open-weight models are rapidly becoming indispensable for many security teams because they allow organizations to:

Fine-tune models for specialized needs, adapting quickly to new threats or industry-specific requirements.
Optimize for performance, latency, or on-premises security, crucial for organizations with strict operational or compliance needs.
Maintain full deployment control, especially in air-gapped, highly regulated, or sensitive environments where data must remain on-premises.

By contrast, closed API-based models can lead to vendor lock-in and limit transparency, flexibility, and auditability. Increasingly, open-source models are matching or exceeding closed models on real-world cybersecurity benchmarks, such as the CTI-RCM benchmark, as they can offer tailored solutions without sacrificing security or sovereignty.

The pace of open-source model and dataset release is accelerating. Major repositories such as Hugging Face now host over 2 million models, with new models and datasets added continuously.

The sheer scale of open-source models and datasets have also increased AI model supply chain complexity. Dependency chains become more difficult to trace as teams reuse and modify enormous models and datasets. A single deployed system may incorporate multiple upstream models and training datasets, which often have limited visibility into their origins. While reusing these models can accelerate innovation and lower barriers to adoption, the absence of traceability mechanisms can also complicate inherited risk assessments and compliance obligations.

Pain points in the OSS era

In addition to new opportunities for innovation, the scale and diversity of AI models also introduce novel security risks.

One of the new risks emerging congruently with the rapid ecosystem expansion is the increasingly complex supply chain system underlying AI model development. For example, organizations and teams =often have access to limited documentation of upstream dependencies or contributors for the open-source models and datasets they reuse, modify, and fine-tune. A single deployed system may incorporate multiple base architectures, derivative checkpoints, and externally sourced datasets, each subject to different licensing terms, data-use restrictions, or jurisdictional requirements. Without clear lineage, organizations may risk unknowingly inheriting compliance gaps that only surface after deployment.

Thorough due diligence in the AI era requires the ability to systematically trace how models were sourced, modified, and governed throughout their lifecycle. And understanding provenance can be critical to addressing this risk.

The critical role of model provenance traceability

As an answer to these challenges, provenance provides a foundation to trust in AI systems by providing essential information on AI models’ origins, how they are developed, and under what conditions they are deployed.

The belief that provenance provides requisite trust is shared worldwide by regulators and policymakers alike, who are increasingly attuned to the importance of AI model lineage. In Europe, for example, the EU AI Act requires providing the training data, compute thresholds, origins and model architecture of certain AI models, including open source.In the United States, the Pentagon's Supply Chain Risk Management (SCRM) Taxonomy outlines critical risk categories, such as regulatory and compliance risk, foreign ownership, control or influence (FOCI) Risk, and cybersecurity risk.

Internationally, ISO’s 42001 AI Risk Management Framework underscores the importance of tracking data provenance to ensure the traceability, documentation, transparency, and governance of AI models. Provenance information can help organizations map their models to these frameworks. As a result, provenance is not just a feature — it can help drive safe and secure AI adoption.

Turning policy momentum into practice

Policymakers are starting to recognize the role of open source as a cornerstone of AI security, privacy, and innovation. The White House AI Action Plan supports the adoption and development of open-source and open-weight AI models. Openness can support greater transparency, give practitioners more control over deployments, and allow the broader security community to advance innovation together.

The plan states that AI open-source models have a unique value for innovation because of their flexibility. For that reason, they also offer a host of benefits to commercial and government entities, many of which house classified or sensitive data they can’t share with closed model vendors.

The plan also highlights that open source is essential to strong cybersecurity posture, enabling robust data privacy and community-driven innovation. Notably, it encourages open access to computing resources — particularly for researchers and small companies — and positions open models to enhance the security of sensitive data.

Beyond the White House, the national security community has also emphasized the motivation to adopt open-source models. In June 2025, the National Security Agency (NSA), alongside the Artificial Intelligence Security Center (AISC), issued joint guidance recommending best practices for data security that underscored the importance of open-source AI models — from platforms like Hugging Face — for secure AI development. The guidance highlighted policy-relevant advantages including transparency, data provenance, and integrity.

Key dimensions of AI model provenance

As demonstrated above, an increasingly sophisticated system of standards and practices is emerging to support AI model provenance. The following are several key categories of provenance information for robust AI supply chain governance:

Production: By capturing metadata about an AI model’s parameters, training compute thresholds, and distribution platforms, organizations can demonstrate due diligence when selecting and deploying models. Providers: Identifying the organizations or entities responsible for creating or supplying a model — including their countries of origin — helps support risk assessments. For example, being aware of foreign ownership or control can be vital when assessing compliance with export controls, sanctions, or sector-specific regulations.
Lineage: This includes tracing a model’s development history, including its base model and any subsequent modifications.
Licensing: By surfacing license terms, usage rights, and potential restrictions —such as remote access or size clauses — organizations can better identify and understand licensing restrictions.
Security evaluation: Provenance can help organizations meet security-related requirements or policies, such as through disclosure of known vulnerabilities, and the steps they can take to mitigate them.

As open-source AI becomes more prolific across a wide range of industries, organizations will be increasingly responsible, and accountable, for conducting thorough due diligence when it comes to governance. Laying the groundwork with provenance will go a long way in preventing compliance violations, financial penalties, and unwanted audits down the road.

Turning AI provenance into a standard operational practice

As organizations set the bar higher for AI governance and transparency, provenance is shifting from an abstract concept to a practical requirement. A small but growing set of standards and practices is emerging to support more consistent documentation of how models are built, modified, and deployed. Mechanisms such as model cards and datasheets for datasets provide structured ways to capture information about model behavior, training data characteristics, and intended use.

At the platform level, repositories such as Hugging Face have begun to surface metadata related to lineage, licensing, and usage constraints. While this information is not yet uniformly applied, it represents an important step toward making provenance visible at scale in open-source environments.

In practice, effective provenance efforts prioritize consistency over completeness. Rather than attempting to reconstruct full lineage retroactively, organizations should introduce provenance requirements at key decision points, such as model intake, fine-tuning, or deployment approval. Even partial visibility into a model’s origins, dependencies, and licensing terms can materially improve auditability and reduce uncertainty as systems evolve.

Provenance provides the connective layer between technical systems and external constraints. It can help organizations explain deployment decisions, demonstrate due diligence, and conduct more deliberate, risk-informed decision-making.

Provenance as the foundation for secure OSS AI adoption

The move from transparency to trust in our interconnected digital world is not a single leap, but a continuous process — one that requires commitment from developers, organizations, and policymakers alike.

Open-source is not just a technical choice; it can be a strategic enabler for resilient, trustworthy digital infrastructure. With support from both the White House and national security agencies, open-source security models can help define the future of secure and responsible AI. And with robust, standardized provenance, organizations can safely leverage the abundance of OSS models and data to their fullest potential.

To learn more about open-source AI and its impact on industry, please subscribe to the Perspectives by Splunk monthly newsletter.

style

two-column

No results

/en_us/blog/fragments/about-splunk

/en_us/blog/fragments/subscribe-footer

/en_us/blog/fragments/perspectives-promo