Security and Governance for Self-Hosted Kubernetes AI

Jozu extends DevOps security practices to AI/ML with tamper-proof packaging, automated vulnerability scanning, deployment gates, and complete audit trails.

Made for on-prem and air-gapped Kubernetes environments, Jozu ensures your models aren't tampered with by providing cryptographic verification, tracking their complete lineage, and demonstrating compliance through policy enforcement and audit reports.

Already Using KitOps?

Jozu extends the open source packaging you're already using with enterprise security and governance capabilities:

  • Multi-scanner vulnerability analysis
  • Policy enforcement across environments
  • Cryptographically-signed audit trails
  • Detailed compliance reporting

Your existing KitOps workflow, with added production-grade controls.

Enterprise support for KitOps

THE PROBLEM

Models Move from Prototype to Production. Your Security Controls Don't.

Data scientists build models using notebooks and public APIs. But production deployment requires much more. Most organizations bridge this gap with manual processes - and that's where things break. Human error is involved in 74% of security breaches according to Proofpoint’s 2024 Voice of the CISO report.

  • Unverified

    No cryptographic verification between what data scientists trained and what gets deployed

  • Unscanned

    Models reach production without the vulnerability scanning that's standard for application code

  • No Lineage

    Can't trace production models back to the training data, code, and dependencies that created them

  • Manual

    Audit preparation requires manually reconstructing lineage from S3 file names, Slack messages, and dev tickets

  • Scattered

    Rollback decisions depend on finding the person who knows the right model version

THE JOZU SOLUTION

Jozu Provides Core Security Capabilities

Stop stitching together tools to secure ML models in production. Jozu provides tamper-proof packaging, vulnerability scanning, policy enforcement, and audit trails - deployable in air-gapped environments or behind your firewall.

  • Establish cryptographic integrity

    • Automated audit trails with cryptographic verification
    • SBOM generation and signed security reports
    • Complete chain of custody from training to production
  • Prevent a wide range of vulnerabilities

    • Supply chain attacks with malicious model files and data poisoning
    • Content safety violations with toxic prompts
    • Behavioral vulnerabilities like prompt injection and jailbreaking
    • Adversarial robustness against evasion attacks
    • Privacy risks from data leakage and inferred membership
    • Model integrity risks from backdoors and poisoning
  • Block vulnerable models before deployment

    • CVE scanning of all model dependencies
    • Policy-based deployment gates
    • Automated blocking with audit trail
    • Tamper-proof, hardened ModelKits
  • Prove compliance without manual work

    • Automated audit trails with cryptographic verification
    • SBOM generation and signed security reports
    • Complete chain of custody from training to production
  • Deploy anywhere with consistent security

    • Full functionality in air-gapped environments
    • No external API dependencies
    • Works with existing enterprise security infrastructure

HOW IT WORKS

ModelKits: Immutable, Versioned, Secure

Instead of managing ML projects as files scattered across separate disconnected repositories, Jozu tracks and versions them together.

  1. Package models as immutable artifacts:

     Jozu builds on KitOps, the CNCF open source project for ML packaging, adding enterprise security and governance capabilities. Models, dependencies, and metadata get wrapped into OCI-compliant ModelKits with cryptographic signatures - replacing mutable files with versioned, verifiable artifacts.

  2. Scan and enforce policies automatically:

     Every ModelKit gets scanned for vulnerabilities before deployment. Pre-defined or custom policy gates block models with CVEs, missing signatures, or other violations - no manual intervention required.

  3. Connect production workloads directly to source artifacts:

     Each ModelKit has a SHA digest that matches the deployed model's ID in Kubernetes. Need to trace a production model back to training? The SHA connects directly to the specific model file. Rollback means selecting the exact ModelKit SHA, not guessing which S3 file matches production.

  4. Deploy with your existing tools - or use ours:

     ModelKits work with standard Kubernetes deployments, KServe, and Kubeflow. Or deploy using Jozu's hardened rapid inference containers (RICs) for faster performance and reduced attack surface.
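As an added illustration of steps 2 and 3 above (not Jozu's own code or API), the following hypothetical Python gate binds the digest a Kubernetes workload references to signed scan attestations and blocks deployment on a missing attestation, an unsigned attestation, a missing required scanner, or a finding at or above the policy's severity threshold; the record layout, names, and sample findings are all assumptions constructed here.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical gate, not Jozu's implementation: names and record layout are assumed.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def modelkit_digest(blob: bytes) -> str:
    """Content digest in the OCI form that identifies a ModelKit."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()

@dataclass
class ScanAttestation:
    subject_digest: str   # ModelKit the scanner examined
    scanner: str          # e.g. "cve" or "model-safety" (assumed scanner names)
    signed: bool          # signature over the attestation was verified upstream
    findings: list        # constructed dicts: {"id": ..., "severity": ...}

@dataclass
class Policy:
    block_at: str = "HIGH"             # findings at this severity or above block deploy
    require_signature: bool = True
    required_scanners: tuple = ("cve",)

def evaluate_gate(deployed_digest: str, attestations: list, policy: Policy):
    """Return (allowed, reasons); every violation is kept for the audit trail."""
    reasons = []
    # Only attestations bound to the exact digest the workload references count.
    relevant = [a for a in attestations if a.subject_digest == deployed_digest]
    if not relevant:
        return False, [f"no attestation for deployed digest {deployed_digest}"]
    if policy.require_signature:
        reasons += [f"{a.scanner}: attestation is unsigned" for a in relevant if not a.signed]
    seen = {a.scanner for a in relevant}
    reasons += [f"required scanner '{n}' missing" for n in policy.required_scanners if n not in seen]
    threshold = SEVERITY_RANK[policy.block_at]
    for a in relevant:
        for f in a.findings:
            if SEVERITY_RANK.get(f["severity"].upper(), 0) >= threshold:
                reasons.append(f"{a.scanner}: {f['id']} is {f['severity']}")
    return not reasons, reasons

# Constructed sample: two ModelKits, one clean and one with a critical CVE finding.
CLEAN = modelkit_digest(b"constructed-modelkit-A")
VULN = modelkit_digest(b"constructed-modelkit-B")
ATTESTATIONS = [
    ScanAttestation(CLEAN, "cve", True, []),
    ScanAttestation(VULN, "cve", True, [{"id": "CVE-PLACEHOLDER", "severity": "critical"}]),
]
```

Call `evaluate_gate(digest, ATTESTATIONS, Policy())` with the digest your deployment references; a digest that was never scanned is refused outright, which is the behaviour you want from a gate rather than a warning.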

Outcome

  1. Connect production models to their source

     Every model or agent in production maps directly to the exact training data, code, dependencies, and configuration that created it. When a model behaves unexpectedly or needs investigation, you have immediate answers instead of reconstructing history from disparate logs and developer memory.

  2. Prevent security incidents before they happen

     Organizations with extensive security automation save $1.9M per breach (33% less) according to IBM's 2024 Cost of a Data Breach Report. Jozu brings that automation to ML model security and governance.

     Multiple scans generate signed attestations that enforce your security policies across every environment - dev, staging, prod, edge. Models with critical CVEs, licensing issues, or missing signatures can't deploy, eliminating the visibility and security gaps that cause production incidents.

  3. Speed data gathering for audits by 87%

     Cryptographically-signed audit trails capture every model change, access, and deployment automatically. Export comprehensive change logs and security attestations as source data for NIST, HIPAA, SOX, GDPR, and ISO 42001 compliance reports. Customers report a reduction in time spent gathering audit evidence from days to minutes.

  4. Maintain security in air-gapped environments

     Full scanning, signing, and audit capabilities work offline with no external dependencies. Deploy Jozu to isolated networks, edge devices, or classified environments while maintaining the same security controls.

Customer Validation

Jozu's technology is used by US and European governments, and global enterprises in every vertical.

[Customer logos: Pacific Northwest National, US Department of Veterans Affairs, DSV]

AI/ML Security for Regulated Industries

Healthcare & Pharma

Meeting FDA validation and HIPAA requirements for ML models

What Jozu provides:
  • Complete audit trails required for GxP compliance
  • Traceability for quality system requirements
  • Documentation for regulatory submissions
  • Tamper-proof logging for inspections

Financial Services

Ensuring model governance and compliance

What Jozu provides:
  • Immutable audit trails for SOX compliance
  • Cryptographic verification of model integrity
  • Complete chain of custody from development to production

Government & Defense

Operating in secure, air-gapped environments

What Jozu provides:
  • Complete air-gapped operation with no external dependencies
  • Built by founders with DoD software development experience
  • On-premises deployment for classified environments

Start your free Jozu trial

Interested in testing Jozu in your private environment? Download the Helm Chart, and start your 2-week trial.

  • STEP 1: Install

    Jozu Hub can be installed in your environment in just 1 hour, with no disruption to existing workflows. We suggest taking a baseline measurement of current deployment times and security gaps to benchmark against.

  • STEP 2: Evaluate

    Once installed, you can run real-world tests with your models and infrastructure for up to 2 weeks. This lets you measure Jozu's performance against your existing tools and processes.

  • STEP 3: Review

    At the end of your 2-week trial, our team will work with you to review your results and help you quantify improvements and ROI. This includes an implementation and roadmap discussion.

Works with Your Existing Tools

  • KServe for model serving

  • Kubeflow, Argo, or other CI/CD pipelines

  • Your current OCI registry (or use Jozu Hub)

  • Existing RBAC and authentication systems

FAQs

Let us help you with some of your frequently asked questions

Can I use Jozu Hub with my existing tools?

Yes, users on any of our plans can have as many integrations as they need - Jozu Hub is commonly accessed from CI/CD systems (like GitHub Actions or GitLab), and experiment trackers (like MLFlow). Free plan users can use their own account credentials for those systems, while paid plan users can create dedicated integration users and credentials.


Can I use my own registry with Jozu Hub?

Enterprise users can use Jozu Hub with any existing private registries and set up API access for automation.


What are Hardened ModelKits?

Jozu builds container images that include a specific version of the model, an inference runtime, and a REST API for using the model. We add a software bill of materials (SBOM, using SPDX 3) and a signed provenance attestation so you know exactly what was put in and who built it. Just like hardened container images, these hardened ModelKits are safe to use as-is, or as a base for further in-house fine-tuning or RAG pipelines.