12 MINUTE READ
Build Bulletproof ML Pipelines with Automated Model Versioning
Jesse Williams
COO/CMO
The Jozu Blog
ai - 10 min read
What Mini Shai-Hulud Teaches Us About AI Supply Chain Security
The Mini Shai-Hulud worm pushed malicious npm packages with valid SLSA Level 3 attestations. Here's why signing isn't enough — and what defense actually requires.
ai - 10 min read
Package the Agent, Not Just the Model: Native Skills Support in KitOps
Package agent skills, configs, and model weights as versioned ModelKits with KitOps v1.12.0. Push to Jozu Hub and serve locally with Jozu Rapid Inference Containers.
17 min read
Running a Local Coding Agent with OpenCode and Jozu Rapid Inference Container (RICs)
Learn how to package a quantized LLM as a ModelKit, deploy it locally with a Jozu Rapid Inference Container, and connect it to OpenCode to run a fully private AI coding agent on your own hardware.
ai - 7 min read
Signing Is Not Enough: Why AI Artifact Provenance Needs to Be a Graph
Signing your AI models isn't enough. Learn why fine-tuned model provenance requires graph traversal, not just attestations, to close the supply chain gap.
13 min read
Claude Managed Agents: What It Solves and What Enterprises Still Need
ai - 11 min read
Prompt Drift Is the New Shadow Deploy
Your model didn't change. Your prompt did. Can you prove exactly what ran in production? KitOps v1.11 treats prompts as first-class release artifacts, closing the supply-chain gap between behavior changes and governed deployments.