Cloudsmith, the leading cloud-native artifact management platform, today announced its ML Model Registry, extending enterprise-grade governance and security to the machine learning models and datasets powering modern software.
As enterprises increasingly adopt ML, model sprawl, compliance uncertainty, and security risks are becoming critical challenges. Documented cases of back-doored models uploaded to public platforms such as Hugging Face and GitHub have shown how easily malicious components can slip into production environments when no automated safeguards are in place.
With this release, organizations can apply the same rigor and policies they already use for software packages and containers to ML models and datasets, ensuring safer, more reliable workflows.
The Cloudsmith ML Model Registry integrates directly with the Hugging Face Hub and SDK, enabling teams to push, pull, and manage models and datasets with familiar tooling while gaining centralized control, compliance, and visibility. Public models and datasets can be proxied and cached from Hugging Face into Cloudsmith, where security and compliance data is made available to Enterprise Policy Management (EPM), enabling organizations to apply consistent policies before artifacts are used in development or production.
"The rapid adoption of AI/ML is transforming the kinds of software enterprises are building, but most organizations still lack the governance to manage models and datasets safely," said Alison Sickelka, VP of Product at Cloudsmith. "With this launch, we're bringing the same enterprise-grade controls, traceability, and security to AI/ML assets that Cloudsmith customers rely on for every other part of their software supply chain."
Key capabilities include:
· Unified Artifact Management: Centralize ML models and datasets alongside containers and language-specific packages in one secure registry.
· Hugging Face SDK compatibility and ecosystem integrations: Push and pull models exactly as you would with Hugging Face, with no changes to developer workflows.
· Proxy and cache open source models and datasets: Bring in models and datasets from Hugging Face, cache them in Cloudsmith, and enforce enterprise policies before use.
· Secure model delivery: Surface security, compliance, and package quality signals in Enterprise Policy Management, making it possible to automatically quarantine, block, or approve models based on policy.
· Integrated CI/CD for models: Seamlessly integrate with training, validation, and deployment pipelines.
· Control and distribute access: Protect proprietary models and datasets with fine-grained access controls, entitlement tokens, and audit trails.
· Flexible repository structure: Manage models and datasets in the same repositories as your other binary artifacts, organized by project, environment, or customer delivery needs.
With this release, teams can manage AI/ML models with full lifecycle visibility, from development to production, ensuring integrity, compliance, and performance at every stage.
Availability
ML Model Registry support is in early access. Learn how you can start managing your machine learning models in Cloudsmith by visiting https://cloudsmith.com/product/ml-model-registry.