“Conduct regular audits of all software, tools, and datasets,” and compensate for the fact that “currently there are no strong provenance assurances in published models” — Model Cards alone are self-reported and easy to copy.
The fake-OpenAI repo (Slide 14) copied its Model Card “nearly verbatim.” A README is documentation, not proof. Provenance asks the questions a copied card can't fake: which exact training run, which datasets, signed by whom?
→ Prefer artifacts with verifiable provenance (signed attestations, model lineage, dataset documentation) over a nice-looking card
→ Record provenance for everything you adopt and re-audit it on a schedule
→ Watch for emerging standards (signed model attestation, decentralized identity) and adopt them as they mature
For a production model, try to trace it to a specific, signed origin. If all you have is a hub page and a README, you have a story — not provenance.
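The "record provenance and re-audit on a schedule" step, sketched as a small ledger. This is an added example, not code from the original deck; the evidence labels, the 90-day interval, and all names and URLs are assumptions. It records a signer identity but does not verify signatures, which is left to signing tooling.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date, timedelta

# Evidence a copied README cannot supply (labels are assumptions of this example).
VERIFIABLE = {"signed_attestation", "model_lineage", "dataset_docs"}
AUDIT_INTERVAL = timedelta(days=90)  # assumed re-audit schedule

@dataclass
class ProvenanceRecord:
    name: str
    source_url: str
    sha256: str                      # digest pinned at adoption time
    evidence: set = field(default_factory=set)
    signer: str = ""                 # identity named in the attestation, if any
    last_audit: date = date.min

def record(name, source_url, blob, evidence, signer, today):
    """Create the ledger entry when an artifact is adopted."""
    digest = hashlib.sha256(blob).hexdigest()
    return ProvenanceRecord(name, source_url, digest, set(evidence), signer, today)

def audit(rec, blob, today):
    """Re-audit one entry; return a list of findings (empty means clean)."""
    findings = []
    if hashlib.sha256(blob).hexdigest() != rec.sha256:
        findings.append("digest-drift")        # artifact changed since adoption
    if not rec.evidence & VERIFIABLE:
        findings.append("self-reported-only")  # a card and a hub page only
    if "signed_attestation" in rec.evidence and not rec.signer:
        findings.append("unsigned-attestation")
    if today - rec.last_audit > AUDIT_INTERVAL:
        findings.append("audit-overdue")
    return findings

# Constructed sample data: stand-in bytes, not real model weights.
ADOPTED = date(2025, 1, 10)
signed = record("sentiment-v2", "https://models.example/sentiment-v2",
                b"weights-A", {"model_card", "signed_attestation"},
                "release@vendor.example", ADOPTED)
card_only = record("chat-clone", "https://hub.example/chat-clone",
                   b"weights-B", {"model_card"}, "", ADOPTED)

if __name__ == "__main__":
    print(audit(signed, b"weights-A", date(2025, 2, 1)))
    print(audit(card_only, b"weights-B", date(2025, 2, 1)))
    print(audit(signed, b"weights-A-swapped", date(2025, 6, 1)))
```

An entry backed only by a Model Card is flagged even when its digest still matches, because a matching hash says the file is unchanged, not where it came from.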