Cloudsmith ML model registry lays down the law

Northern Ireland’s burgeoning tech scene is home to Cloudsmith, an organisation known for its cloud-native artefact management platform (where an artefact is everything from developer documentation and annotations to design diagrams and schematics, compiled executables, libraries, logs and configuration files… and source code itself). The company has now set out to address ML model sprawl, compliance uncertainty and security risks with the release of its Cloudsmith ML Model Registry.

The company says that this platform enhancement comes about in the wake of incidents such as the documented cases of back‑doored models uploaded to public platforms like Hugging Face and GitHub, which have (arguably) shown how straightforward it is for malicious components to slip into production environments without automated safeguards.

With this release, Cloudsmith says organisations can apply the same rigour and policies they already use for software packages and containers to ML models and datasets, ensuring safer, more reliable workflows.

Hugging onto HuggingFace

The Cloudsmith ML Model Registry integrates directly with the Hugging Face Hub and SDK, enabling teams to push, pull and manage models and datasets with familiar tooling while gaining centralised control, compliance and visibility.

Public models and datasets can be proxied and cached from Hugging Face into Cloudsmith, where security and compliance data is made available to Enterprise Policy Management, enabling organisations to apply consistent policies before artefacts are used in development or production.

“The rapid adoption of AI/ML is transforming the kinds of software enterprises are building, but most organisations still lack the governance to manage models and datasets safely,” said Alison Sickelka, VP of product of Cloudsmith. “With this launch, we’re bringing the same enterprise-grade controls, traceability and security to AI/ML assets that Cloudsmith customers rely on for every other part of their software supply chain.”

Key capabilities include unified artefact management, which centralises ML models and datasets alongside containers and language-specific packages in one secure registry. There is also Hugging Face SDK compatibility and ecosystem integrations, giving developers the ability to push and pull models exactly as they would with Hugging Face itself, with no changes to developer workflows.

Enterprise Policy Management (EPM)

A proxy-and-cache capability for open source models and datasets lets users bring in models and datasets from Hugging Face, cache them in Cloudsmith and enforce enterprise policies before use. Secure model delivery here means surfacing security, compliance and package quality signals in Enterprise Policy Management, making it possible to automatically quarantine, block or approve models based on policy.
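To make the quarantine/block/approve flow described above concrete, here is an illustrative policy gate over the kind of signals a registry would surface for a proxied model. This is an added example, not Cloudsmith's or Hugging Face's own code; the artefact fields, licence allow-list and "code-executing format" list are constructed assumptions standing in for real scanner and metadata feeds.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    APPROVE = "approve"
    QUARANTINE = "quarantine"
    BLOCK = "block"


@dataclass
class ModelArtefact:
    """Constructed metadata for a model proxied from an upstream hub (hypothetical schema)."""
    name: str                      # e.g. "org/model-name" on the upstream hub
    weight_formats: set[str]       # file extensions found in the artefact
    licence: str | None            # SPDX identifier, or None if undeclared
    scan_findings: list[str] = field(default_factory=list)  # malware / unsafe-code findings
    signed: bool = False           # provenance attestation present?


# Assumed organisational allow-list; a real deployment would source this from policy.
APPROVED_LICENCES = {"apache-2.0", "mit", "bsd-3-clause"}
# Pickle-based checkpoint formats can execute code when loaded, so they warrant review.
CODE_EXECUTING_FORMATS = {".bin", ".pkl", ".pt", ".ckpt"}


def evaluate(model: ModelArtefact) -> tuple[Decision, list[str]]:
    """Return the policy decision and the reasons behind it, most severe rule first."""
    reasons: list[str] = []
    # Hard block: the scanner found something unsafe in the artefact.
    if model.scan_findings:
        reasons.append("scanner findings: " + ", ".join(model.scan_findings))
        return Decision.BLOCK, reasons
    # Quarantine conditions: the model needs human review, not outright rejection.
    if model.licence is None:
        reasons.append("no licence declared")
    elif model.licence.lower() not in APPROVED_LICENCES:
        reasons.append(f"licence {model.licence} not on allow-list")
    if model.weight_formats & CODE_EXECUTING_FORMATS:
        reasons.append("contains code-executing weight format; review before use")
    if not model.signed:
        reasons.append("no provenance attestation")
    if reasons:
        return Decision.QUARANTINE, reasons
    return Decision.APPROVE, ["all policy checks passed"]
```

The same function can be fed from a CI step so that a model is only promoted to a production repository once it returns `Decision.APPROVE`.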

Other functions include:

  • Integrated CI/CD for models, connecting the registry to training, validation and deployment pipelines.
  • Access control and distribution functionality to protect proprietary models and datasets with fine-grained access controls, entitlement tokens and audit trails.
  • A flexible repository structure, so developers can manage models and datasets in the same repositories as other binary artefacts, organised by project, environment or customer delivery needs.

“With this release, teams can manage AI/ML models with full lifecycle visibility, from development to production, ensuring integrity, compliance and performance at every stage,” said Sickelka.

Have we been here before?

It almost feels like we have been here before: remember the rise of cloud, and the fact that the whole security protection layer movement happened somewhat after the initial hype and hyperbole that heralded the start of SaaS products as we know them today. Now that the technology industry has got over some of the excitement of large language models (oh yes, small language models too, plus RAG and a side order of agentic intelligence), we can start to look at the core DNA going into AI by (as Cloudsmith has already stated above) enabling teams to manage models and datasets with familiar tooling for compliance visibility.

ML Model Registry support is in early access at the time of writing.
