🤖 AI Summary
A new Python command-line tool called "model-due-diligence" has been released. It lets users run static supply-chain due diligence on local AI model files and cloned repositories before those artifacts are deployed into a runtime environment. The tool helps users judge whether a given model artifact or repository is trustworthy by checking for issues such as unsafe serialization formats, suspicious repository content, and weak provenance. It produces a risk score from the indicators it finds, but a clean report does not guarantee safety, so further review is still needed before a model is deployed.
The tool matters as a risk-reduction measure for the AI/ML community, given growing concern about the integrity and security of AI models. It analyzes a range of indicators, from file permissions to Git provenance, and writes detailed reports in several formats, including Markdown and JSON, so the checks can be integrated into CI/CD workflows. It cannot detect every form of malicious behavior (threats embedded within model weights, for example), but it serves as a first step in model evaluation that helps users make informed decisions about which models to trust and import into their applications.
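As an added example, not the tool's own code, here is how the "unsafe serialization format" check can be done statically in Python: it lists the globals a pickle-based checkpoint would import using pickletools rather than unpickling, handles both a bare pickle and the zip layout that torch.save produces, and turns imports outside an allowlist into a JSON-ready risk score. The allowlist, the scoring rule and the sample artifacts are assumptions constructed for this example.

```python
import io
import pickle
import pickletools
import zipfile

# Top-level modules a stock PyTorch checkpoint legitimately imports while unpickling.
# This allowlist is an assumption for the example, not the real tool's list.
ALLOWED_MODULES = {"torch", "collections", "numpy", "_codecs"}


def pickle_globals(data: bytes) -> list[str]:
    """List every 'module.name' the stream would import; pickletools only, nothing is unpickled."""
    refs, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocol 0-3: "module name" arrives as one argument
            module, name = arg.split(" ", 1)
            refs.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name were pushed as strings
            refs.append(f"{strings[-2]}.{strings[-1]}")
        elif isinstance(arg, str):
            strings.append(arg)
    return refs


def pickle_streams(blob: bytes) -> list[tuple[str, bytes]]:
    """(member, bytes) for each pickle inside an artifact: torch-style zip (*.pkl members) or bare pickle."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [(n, zf.read(n)) for n in zf.namelist() if n.endswith(".pkl")]
    return [("<root>", blob)]


def assess(blob: bytes) -> dict:
    """Risk score = imports outside the allowlist plus unparseable members (the scoring rule is an assumption)."""
    findings = []
    for member, stream in pickle_streams(blob):
        try:
            refs = pickle_globals(stream)
        except (ValueError, IndexError) as exc:  # not a pickle, truncated, or malformed STACK_GLOBAL
            findings.append({"member": member, "error": f"unparseable pickle: {exc}"})
            continue
        findings += [{"member": member, "global": r} for r in refs if r.split(".")[0] not in ALLOWED_MODULES]
    return {"risk_score": len(findings), "findings": findings}


# Constructed samples: a tensor-free state dict (no imports at all), a by-reference function pickle
# (STACK_GLOBAL form), and a torch-style zip whose data.pkl merely references builtins.eval.
BENIGN = pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=4)
STACK_REF = pickle.dumps(pickletools.dis, protocol=4)
_zip = io.BytesIO()
with zipfile.ZipFile(_zip, "w") as _zf:
    _zf.writestr("archive/data.pkl", b"cbuiltins\neval\n.")
SUSPICIOUS = _zip.getvalue()
```

None of the samples is ever loaded; `assess()` only parses the opcode stream, which is the property a pre-deployment check needs.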