anthonycoslett

...joined 2 days ago, and has 4 karma


I work on Fall Risk AI / Trustfall, a runtime model-identity and AI supply-chain verification project.

Current focus: Trustfall Lite, an open-source CLI for checking local Hugging Face and Ollama model artifacts against a signed registry; and Trustfall Deep, a runtime model-identity protocol in design.

Interested in model provenance, runtime identity, AI security, signed evidence, and making infrastructure boring enough to trust.

https://www.fallrisk.ai

---

I built Trustfall Lite, an open-source CLI that scans local Hugging Face and Ollama model caches, computes artifact hashes, and checks them against a signed public registry.

https://github.com/fallrisk-ai/trustfall-lite

Install:

    pipx install fallrisk-trustfall
    trustfall scan

By default, Trustfall can query the API with artifact hashes. It does not upload model bytes or file paths. There is also a local-only mode:

    trustfall registry --refresh
    trustfall scan --local-only

It reports four states:

verified: artifact hash matches a signed registry record

unknown_variant: model name appears in the registry, but local bytes differ

not_enrolled: no registry record exists

pilot_available: queued for enrollment

Important boundary: Trustfall Lite verifies artifact identity, not runtime identity.

It answers: "Do the bytes on disk match a signed record?"

It does not claim that the running process is structurally the same model. Runtime model identity is a separate layer.

Registry: https://fallrisk.ai/registry

Canonical signed JSON: https://attest.fallrisk.ai/registry.json

PyPI: https://pypi.org/project/fallrisk-trustfall

Project page: https://fallrisk.ai/trustfall-lite

Research / evidence boundary: https://fallrisk.ai/research

Founder scan: https://fallrisk.ai/articles/founder-scan

I’m especially interested in feedback from people running local model fleets, internal model caches, or AI supply-chain/security tooling.

anthony@fallrisk.ai
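
The four states described in the post can be sketched as a hash-first lookup. This is an added example, not Trustfall's code and not part of the original post. The record layout (`name`, `sha256`), the `pilot_queue` set, the flat directory of `*.bin` files and all sample data are assumptions constructed for illustration, and the registry is assumed to have had its signature verified already.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte weights never sit fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(name, digest, records, pilot_queue):
    """Map one local artifact to a state. Only name and digest are consulted."""
    if digest in {r["sha256"] for r in records}:
        return "verified"          # bytes match a record, whatever the file is called
    if name in {r["name"] for r in records}:
        return "unknown_variant"   # known name, different bytes
    if name in pilot_queue:
        return "pilot_available"   # hypothetical enrollment queue
    return "not_enrolled"

def scan(cache_dir, records, pilot_queue):
    """Hash every *.bin file in a flat directory (assumed layout) and classify it."""
    return {
        p.stem: classify(p.stem, sha256_file(p), records, pilot_queue)
        for p in sorted(Path(cache_dir).glob("*.bin"))
    }

def demo():
    # Constructed sample cache and registry; no real model data is involved.
    samples = {
        "model-a": b"weights-a",
        "model-b": b"weights-b-modified",   # same name as a record, altered bytes
        "model-c": b"weights-c",
        "model-d": b"weights-d",
        "renamed": b"weights-a",            # enrolled bytes under a different name
    }
    records = [
        {"name": "model-a", "sha256": hashlib.sha256(b"weights-a").hexdigest()},
        {"name": "model-b", "sha256": hashlib.sha256(b"weights-b").hexdigest()},
    ]
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            Path(d, name + ".bin").write_bytes(data)
        return scan(d, records, pilot_queue={"model-c"})

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

Because the digest is checked before the name, a renamed copy of enrolled bytes still reports `verified`, while a file that keeps an enrolled name but carries different bytes reports `unknown_variant`.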