signAI monitors behavioral integrity continuously — detecting backdoor attacks, poisoned training updates, supply chain tampering, and inference drift before they cause harm.
A model can maintain high accuracy while behaving maliciously on specific inputs, leaking information, or drifting from its validated baseline. signAI catches this.
A model that was clean when validated but now responds to a hidden trigger — inserted by a third-party trainer or via supply chain compromise.
Malicious training updates that subtly shift model behavior over time. Detected by monitoring the geometry of parameter updates during fine-tuning.
A model delivered by a vendor or downloaded from a hub that does not behave the way you validated it. signAI flags the drift immediately on first calibration.
Gradual or sudden change in the model's activation and output distribution — caused by redeployment, quantisation, or serving infrastructure changes.
All detectors calibrated at 5% FPR. Results on ResNet-18 / CIFAR-10 with PGD, OOD, model extraction, and backdoor attacks.
General purpose. Best starting point for any model.
Better discrimination on large activation spaces.
Captures correlation structure across activation blocks.
signAI is built for teams where a model failure has real financial, safety, or reputational consequences.
Know that the model making credit decisions today matches what your risk team validated last quarter — whether it's a deep network or a gradient boosting ensemble.
Detect drift or tampering in models used for diagnosis or risk stratification before it reaches a clinician.
A single monitor that catches behavioral anomalies across inference and training — without exposing model weights or raw inputs to a third-party service.
Verify that a model received from a vendor, fine-tuned by a contractor, or downloaded from a hub behaves exactly as the clean reference you validated.
signAI is built so privacy is enforced structurally, not by policy.
s and z float vectors are transmitted — typically under 100 bytes per score call{timestamp, score, flagged, phase} is stored in historyYou can run fully local with no server at all. The server mode adds history, alerts, and audit export — but never sees your model.
Two small float arrays — dimensionality ~10–50 — summarising how your model responded. Not the model, not the inputs.
Model weights, training data, raw inputs, gradients, predictions. All remain in your environment, always.
signAI's extractor plugin system is designed to extend to any model type. Current and roadmap support:
CNNs, ViTs, HuggingFace classification models. Auto-selected via monitor.attach().
HuggingFace generative models and any model over 200M parameters. Constant memory regardless of model size.
XGBoost, LightGBM, CatBoost, sklearn ensembles. Highest priority — fintech teams run these for credit and fraud.
Framework extensions via the same extractor plugin interface. TF2/Keras first, then JAX/Flax, then ONNX inference-only.
Start local. Graduate to a server when you need history, alerts, and multi-model dashboards. Your code doesn't change.
Load integrity.json and score in-process. No server, no network. Best for notebooks and air-gapped environments.
Run signai-server inside your VPC. File or Postgres-backed. Full history, alerts, and audit export.
Same remote API contract against a private internal host. No internet connectivity required. No model data leaves your network.
Point the SDK at a managed endpoint. Centralised artifacts and scoring history — features extracted locally, always.
Attach, calibrate, save. Then load and score in your inference or training loop.
monitor.attach()phase="inference"score_inference(x, y) in your serving loopresult.flagged however you needfrom signai import monitor
m = monitor.attach(model, num_classes=10)
m.calibrate(clean_loader, device="cpu",
phase="inference")
m.save("./integrity.json")
m = monitor.load(model,
artifact="./integrity.json")
for x, y in test_loader:
result = m.score_inference(x, y)
if result.flagged:
route_to_fallback(x)
phase="training" — pass your optimizer and criterionoptimizer.step()m = monitor.attach(model, num_classes=10)
m.calibrate(train_loader, device="cpu",
phase="training",
optimizer=optimizer,
criterion=criterion)
m.save("./integrity_train.json")
m = monitor.load(model,
artifact="./integrity_train.json")
for x, y in train_loader:
logits = model(x)
loss = criterion(logits, y)
loss.backward()
optimizer.step()
result = m.score_training(logits, loss)
if result.flagged:
quarantine_update(result)
We review every application before granting access. signAI is a fit for ML teams running production models where behavioral integrity is a real requirement.
All three detectors, local and server deployment, 30-day scoring history.
Save up to 37% on longer durations.
Full history retention, shared artifact store, and per-seat audit trails across your team.
Save up to 37% on longer durations.
How it works: Send an application email describing your use case. We review it within one business day and reply with a Stripe payment link for your chosen plan and duration. Once payment clears, your license key is delivered automatically.
What signAI is, what it detects, the public API, and how to get started in five minutes.
Full walkthrough — classifier and LLM quick starts, detector selection, daemon server, custom extractors.
Local, self-hosted, Render, HuggingFace Spaces, air-gapped. Upgrade path from previous versions.
Only compact behavioral vectors transmitted. Model weights, inputs, and gradients stay in your environment.