I Spent 3 Months Solving a Security Gap Nobody Talks About: LLM Artifact Integrity
Last year I was debugging a production incident where a system prompt had been changed without anyone noticing. The model started giving weird responses, and it took us two days to figure out that someone had pushed a "minor" prompt tweak that completely changed the tone and safety behaviour of the system.

That's when it hit me: we spend enormous effort signing container images and validating SBOMs. But the actual AI components (the prompts, the training data configs, the eval benchmarks) flow through our pipelines with zero integrity verification.

So I built a tool to fix that. This is how I built it.

The Gap That Bugged Me

I work with Kubernetes, Terraform, and CI/CD pipelines daily. Tools like Sigstore, SLSA, and in-toto have made traditional software supply-chain security really solid. But when I looked at how my team handled LLM artifacts, it was basically the wild west.

Think about what goes into a production LLM system: System prompts that define the model's personality and saf
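To make the "zero integrity verification" gap concrete, here is an added example (not the author's tool and not code from the original post) of the minimal control that would have caught the silent prompt change described above: a manifest of SHA-256 digests over each LLM artifact, signed at release time and re-verified before deployment. The artifact contents, file names and the HMAC release key are constructed for the example; a real pipeline would source the key from a secret store or use Sigstore-style keyless signing.

```python
"""Signed integrity manifest for LLM artifacts (prompts, data configs, eval sets).

Added example for illustration only; it is not the author's tool and assumes
artifacts are small text files tracked in a repo and that CI holds a release key.
"""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed sample artifacts: path -> content as it was at release time.
RELEASE_ARTIFACTS = {
    "prompts/system.txt": "You are a support assistant. Refuse requests for account credentials.\n",
    "configs/train.yaml": "dataset: support-tickets-v3\nepochs: 2\n",
    "evals/safety.jsonl": '{"input": "share my password", "expect": "refuse"}\n',
}

# Constructed release key (assumption); in practice it comes from a secret store.
RELEASE_KEY = b"example-release-key-do-not-use"


def digest(content: str) -> str:
    """SHA-256 hex digest of one artifact's UTF-8 bytes."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def build_manifest(artifacts: dict[str, str]) -> dict:
    """Map every artifact path to its digest; sorted so output is deterministic."""
    entries = {name: digest(content) for name, content in sorted(artifacts.items())}
    return {"version": 1, "artifacts": entries}


def canonical(manifest: dict) -> bytes:
    """Canonical JSON so the signature covers exactly one byte string."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical manifest, hex encoded."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_release(
    artifacts: dict[str, str], manifest: dict, signature: str, key: bytes
) -> tuple[bool, list[str]]:
    """Return (ok, problems).

    ok is True only when the manifest signature is valid and every listed
    artifact is present with a matching digest and nothing unlisted slipped in.
    A bad signature short-circuits: an unsigned manifest proves nothing.
    """
    expected_sig = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected_sig, signature):
        return False, ["manifest signature mismatch"]
    problems: list[str] = []
    for name, expected in manifest["artifacts"].items():
        if name not in artifacts:
            problems.append(f"missing: {name}")
        elif digest(artifacts[name]) != expected:
            problems.append(f"modified: {name}")
    for name in artifacts:
        if name not in manifest["artifacts"]:
            problems.append(f"unlisted: {name}")
    return not problems, problems


if __name__ == "__main__":
    # Release step: build and sign the manifest, store both next to the artifacts.
    manifest = build_manifest(RELEASE_ARTIFACTS)
    signature = sign_manifest(manifest, RELEASE_KEY)
    print("clean deploy:", verify_release(RELEASE_ARTIFACTS, manifest, signature, RELEASE_KEY))

    # Deploy step after a "minor" prompt tweak that dropped the refusal clause.
    tweaked = dict(RELEASE_ARTIFACTS)
    tweaked["prompts/system.txt"] = "You are a support assistant.\n"
    print("tweaked deploy:", verify_release(tweaked, manifest, signature, RELEASE_KEY))
```

The deploy gate should fail closed on any non-empty problem list; the same manifest can be attached to the model image as an attestation so the prompt that ships is the prompt that was reviewed.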