How Teams Use KitOps
KitOps helps organizations package, share, and deploy AI/ML models securely and reproducibly, using the same tools they already use for containers.
Teams around the world are using KitOps for:
- Reproducible handoff from development to production
- Security and compliance (including EU AI Act, NIST AI, ISO 42001)
- Organizing all model versions in one standard system
➡️ See compatible tools
Level 1: Production Handoff
Use Case: Reproducible, secure model handoff across teams using CI/CD
Most teams start by using KitOps to version a model when it's ready for staging, UAT, or production. ModelKits serve as immutable, self-contained packages that simplify:
- CI/CD deployment of AI models
- Artifact signing and traceability
- App integration testing
- Secure, consistent model handoffs across teams
Organizations that are self-hosting models ❤️ KitOps because it:
- Prevents unknown models from entering production
- Enforces licensing and provenance checks (e.g. for Hugging Face imports)
- Keeps datasets, model, and code synced and trackable
In Practice
CI/CD pipelines using GitHub Actions, Dagger, or other systems can:
- Pull models or data
- Run compliance / security tests
- Package project artifacts as a signed, versioned ModelKit
- Push the ModelKit to a private OCI registry
➡️ See how CI/CD with KitOps works
Level 2: Model Security
Use Case: Scan and gate models during development or before release
Teams working in regulated industries or secure environments use KitOps to enforce security and integrity before a model is accepted into production.
In Practice
- Build a ModelKit for each experiment run in MLFlow / Weights & Biases
- Sign the ModelKit
- Scan the ModelKit using your preferred security scanning tools
- Attach the security report as a signed attestation to the ModelKit
- Only allow signed and attested ModelKits to move into forward environments
- Track which model passed, which failed, and prevent risky surprises
Even when other tools (MLFlow, Hugging Face, notebooks) are in use, KitOps provides a reliable security and auditing layer that protects environments from insecure or mistaken deployments.
Level 3: Versioning Everything
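The Level 2 gate described above (sign, scan, attest, promote only what passed), as an added Python example that is not KitOps code: it digests constructed manifest bytes the way an OCI registry addresses a ModelKit, wraps a scan report in a constructed in-toto Statement bound to that digest, and refuses kits that are unsigned, unattested, modified after scanning, or carrying blocking findings. The registry name, predicate type URI and finding schema are assumptions; signature verification itself is left to the signing tool and its outcome is passed in.

```python
"""Promotion gate for ModelKits (added example, not KitOps code): admit a kit only
when its signature verified, a scan attestation exists, that attestation is bound
to the kit's content digest, and the attested report has no blocking findings."""
import hashlib
import json

# Constructed bytes standing in for a ModelKit's OCI manifest; the registry
# addresses the kit by the sha256 of exactly these bytes (content-addressable).
MANIFEST = json.dumps({"schemaVersion": 2, "layers": ["model", "data"]}).encode()


def oci_digest(manifest_bytes: bytes) -> str:
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


def scan_attestation(subject_digest: str, findings: list) -> dict:
    """Constructed in-toto Statement (the shape `cosign attest` signs); predicateType is hypothetical."""
    return {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": [{"name": "registry.example/ml/model",
                     "digest": {"sha256": subject_digest.split(":", 1)[1]}}],
        "predicateType": "https://example.invalid/modelkit-scan/v1",
        "predicate": {"findings": findings},
    }


def gate(manifest_bytes: bytes, signature_verified: bool, attestation=None,
         blocking: tuple = ("critical", "high")) -> tuple:
    """Return (allowed, reason). signature_verified is the outcome of the signing
    tool's verify step (e.g. cosign verify), run before this policy is evaluated."""
    if not signature_verified:
        return False, "unsigned ModelKit"
    if attestation is None:
        return False, "no scan attestation attached"
    attested = {"sha256:" + s["digest"]["sha256"] for s in attestation.get("subject", [])}
    if oci_digest(manifest_bytes) not in attested:  # report was made for other bytes
        return False, "attestation not bound to this ModelKit digest"
    bad = [f["id"] for f in attestation["predicate"]["findings"] if f["severity"] in blocking]
    if bad:
        return False, "blocking findings: " + ", ".join(bad)
    return True, "signed, attested, no blocking findings"


def demo() -> dict:
    """Gate constructed scenarios: clean, unsigned, tampered after scan, risky."""
    clean = scan_attestation(oci_digest(MANIFEST), [])
    risky = scan_attestation(oci_digest(MANIFEST), [{"id": "F-1", "severity": "critical"}])
    tampered = MANIFEST.replace(b"data", b"DATA")  # one byte changed after scanning
    return {"clean": gate(MANIFEST, True, clean), "unsigned": gate(MANIFEST, False, clean),
            "tampered": gate(tampered, True, clean), "risky": gate(MANIFEST, True, risky)}
```

The tampered case is the one to notice: a single changed byte moves the kit to a new digest, so an attestation produced for the scanned bytes no longer applies and the kit is held back.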
Use Case: Full model, code, and dataset lifecycle tracking
Mature teams, especially those under compliance scrutiny, extend KitOps to development. Every milestone (new dataset, tuning checkpoint, retraining event) is stored as a versioned ModelKit.
Benefits:
- One standard system (OCI) for every model version
- Tamper-evident and content-addressable storage
- Eliminates confusion over which assets belong together
In Practice
- Build a set of approved ModelKits by importing from Hugging Face or adding your own internal artifacts
- Push ModelKits to your OCI registry
- Eliminate duplicate work by starting projects from approved ModelKits
- Version datasets as ModelKits and link them from project ModelKits
- Perform signing, security testing and attestations as projects progress
- Enforce policies using OPA or similar technologies
➡️ Get started with KitOps in your team.
Have feedback or questions? Open an issue on GitHub or join us on Discord.