Public attestation

Training-data declaration

Last reviewed: 2026-05-17 · Predicate type: https://securie.com/attestation/training-data/v1

Declaration

Securie does not train, fine-tune, distill, or otherwise adapt any machine-learning model on customer code — not by default, not on any tier, not under any add-on. There is no exception path. Specifically:

  • Stock-weight OSS models only. Securie serves stock-weight models exactly as published — Foundation-Sec-8B local, GLM-5.1, Hermes 4 405B, Gemini Flash-Lite, Claude Sonnet 4.6. Zero fine-tuned adapters in production; the inference router has no adapter layer. See /aibom for the per-model card.
  • No training corpus exists. The fine-tuning / LoRA / signal-capture infrastructure — including the former opt-in training-corpus store — was removed entirely. There is no per-customer adapter, no shared federated model, and no Training Addendum opt-in. The no-training guarantee is now absolute.
  • Public corpora only for benchmarking. Reference + held-out corpora used for public-bench (OWASP, CWE-Top-25, CVE replay, HackerOne disclosures) are all publicly sourced. None are scraped from customer repositories or PRs.
  • Customer code stays in-tenant. Customer source is processed at scan time inside the per-tenant RLS perimeter and is never persisted into any cross-tenant dataset, model, or weight.

Verification

The full signed predicate (when published) follows the in-toto v1 statement shape used elsewhere in Securie's attestation chain. Predicate body fields:

{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{ "name": "securie/production", "digest": { "sha256": "<commit>" } }],
  "predicateType": "https://securie.com/attestation/training-data/v1",
  "predicate": {
    "trains_on_customer_code": false,
    "fine_tuned_adapters_in_prod": 0,
    "stock_models_in_prod": 5,
    "public_corpora": ["OWASP-Benchmark", "CWE-Top-25", "HackerOne-public", "CVE-replay"]
  }
}

The agent-side path emits this predicate via AttestationSigningKey::sign (Ed25519) — same chain as the per-finding + per-AIBOM attestations. Verification: download the envelope from the auditor portal evidence bundle, decode the DSSE payload, and verify against the published key at /.well-known/securie-attestation-public-key.

Change log

  • 2026-05-17 — Fine-tuning / LoRA / signal-capture infrastructure removed entirely. Declaration upgraded from "no training by default" to the absolute "no training on customer code, ever". The opt-in training-corpus store and the Training Addendum were retired.
  • 2026-05-14 — Initial declaration.

Changes to this declaration require a PR + reviewer sign-off per Securie's standard ADR process. The published predicate is re-signed on every change.