Scaling AI Securely: The Dell Enterprise Hub Advantage

Dell Enterprise Hub secures AI supply chains with multi-layered protection, cryptographic signing, and offline deployment capabilities.

Key takeaways: Dell Enterprise Hub provides comprehensive AI security through multi-layered protection including daily vulnerability scanning, cryptographic image signing, and SHA-384 hash verification. The platform enables fully offline AI deployment for regulated industries while ensuring model-level security through malware detection and pickle file safety checks. Organizations gain trusted AI deployment capabilities that balance performance with enterprise-grade security requirements.


Dell Enterprise Hub strengthens supply chain security

As enterprises accelerate their adoption of generative AI and large language models, the conversation is shifting from “Can we run AI?” to “Can we run AI securely?” Modern AI stacks rely on complex software supply chains – containers, dependencies, models and runtime components – all of which must be trusted.

The Dell Enterprise Hub (DEH, https://dell.hf.co) was built with this reality in mind. Beyond enabling high-performance AI deployment across a wide range of Dell systems, DEH applies rigorous, multi-layered security practices designed to protect enterprises from emerging threats in the AI ecosystem.

Below, we explore how DEH strengthens supply chain integrity – from container images to model files to completely offline operation.

  1. Securing Docker Images with a Multi-layered Approach

DEH provides custom Docker images that allow users to run popular Hugging Face models seamlessly across a broad range of Dell infrastructure. But in enterprise environments, high performance alone isn’t enough – these images must also be safe, trustworthy, and verifiable.

DEH employs three major layers of protection for container security:

a. Continuous Vulnerability Scanning

Software vulnerabilities are uncovered every day. Even a “finished” Docker image can become outdated as new CVEs (Common Vulnerabilities and Exposures) emerge.

To minimize this risk, DEH uses Amazon Inspector to perform daily vulnerability scans across all model container images. This ensures:

    • Rapid detection of newly published CVEs
    • Prioritization based on CVSS v3 severity ratings
    • Immediate alerts for critical issues
    • Ongoing security visibility, not just point-in-time checks.

This proactive scanning dramatically reduces the window in which a newly disclosed vulnerability can put enterprise deployments at risk. When a CVE affects a dependency, DEH updates the software stack and repackages the container, so a remediated image becomes available rather than leaving the vulnerable one as the only option. Scanning does not fix anything by itself: the remediation is the rebuild and the customer's redeploy.

b. Image Signing with Cosign

Authenticity is essential for enterprise AI environments. To safeguard against tampering and supply chain compromise:

    • All DEH Docker images are cryptographically signed with Cosign (sigstore/cosign)
    • Images are published under official Hugging Face repositories

This enables organizations to verify:

    • The image truly originates from Dell Enterprise Hub
    • No corruption or unauthorized modification occurred during distribution

With a single Cosign verification command, checked against the DEH signing key or signing identity, users gain cryptographic assurance of image provenance. A signature that fails to verify should block the deployment, not merely log a warning.

c. SHA-384 Hashes for Transparent Integrity Verification

To further strengthen supply chain validation, DEH publishes:

    • A SHA-384 hash for each Docker image manifest
    • An open dataset of all hashes hosted publicly on Hugging Face Hub

Users can compare the hash of their downloaded image with the official value, ensuring:

    • Their downloaded image matches exactly
    • No tampering occurred at any point
    • Integrity is fully preserved

This provides a simple yet powerful layer of transparency for security-minded enterprises. Two caveats apply. First, the hash list only proves that the image you pulled is the one DEH published; it is the Cosign signature that ties that publication to DEH, so the hash check complements signature verification rather than replacing it, and the hash list itself should be fetched over a trusted channel. Second, the choice of SHA-384 over the still-sound and more common SHA-256 is about margin: a 384-bit output gives 192 bits of collision resistance against 128 for SHA-256, which is why SHA-384 is the minimum hash in newer government cryptographic guidance such as CNSA 2.0. SHA-384 is computed with the SHA-512 compression function, which in pure software is often faster than SHA-256 on 64-bit CPUs, although CPUs with SHA-256 hardware extensions reverse that comparison.
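As an added example of how the two checks above (the Cosign signature from section b and the published SHA-384 from section c) fit together in one admission gate, the script below is illustrative code written for this page, not DEH's or Hugging Face's own tooling. It hashes the raw manifest bytes a registry client returned, looks the image up in a hash list, compares in constant time, and only then runs the cosign CLI. The image reference, the key file name, the CSV layout of the hash list and the sample manifest are all assumptions constructed for the example; the real dataset layout and signing material are whatever DEH publishes.

```python
"""Admission gate: published SHA-384 of the image manifest plus Cosign signature.

Added example, not DEH tooling. Assumes the published value is the SHA-384 of the
raw manifest bytes the registry serves (as `crane manifest <ref>` or
`docker manifest inspect` return them) and that the hash list is CSV rows of
`image,sha384`.
"""
import hashlib
import hmac
import json
import subprocess

IMAGE_REF = "registry.example.com/deh/tgi-llama:2.0"   # hypothetical image reference

# Constructed sample OCI manifest; the layer/config digests are placeholders.
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
               "digest": "sha256:" + "11" * 32, "size": 7023},
    "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
                "digest": "sha256:" + "22" * 32, "size": 32654}],
}, separators=(",", ":")).encode()


def sha384_hex(data: bytes) -> str:
    """Hex SHA-384 (96 hex chars) of the exact bytes, no normalisation."""
    return hashlib.sha384(data).hexdigest()


# Constructed stand-in for the published hash dataset, derived from the sample so
# the example runs offline; in practice this file comes from the Hub dataset.
PUBLISHED_CSV = f"image,sha384\n{IMAGE_REF},{sha384_hex(SAMPLE_MANIFEST)}\n"


def parse_hash_dataset(csv_text: str) -> dict:
    """Map image reference -> expected digest, rejecting rows that are not SHA-384 hex."""
    table = {}
    for line in csv_text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        ref, digest = line.rsplit(",", 1)
        digest = digest.strip().lower()
        if len(digest) != 96 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad SHA-384 entry for {ref}")
        table[ref.strip()] = digest
    return table


def verify_manifest(manifest: bytes, image_ref: str, published: dict) -> tuple:
    """Constant-time comparison of the local manifest hash with the published one."""
    expected = published.get(image_ref)
    if expected is None:
        return False, f"{image_ref}: no published hash, refuse to deploy"
    actual = sha384_hex(manifest)
    if not hmac.compare_digest(actual, expected):
        return False, f"{image_ref}: hash mismatch (got {actual[:16]}...)"
    return True, f"{image_ref}: manifest matches published SHA-384"


def cosign_verify(image_ref: str, public_key: str = "deh-cosign.pub") -> bool:
    """Provenance check via the cosign CLI. The key file name is an assumption; it needs
    the cosign binary and registry access, so the offline self-test skips it."""
    proc = subprocess.run(["cosign", "verify", "--key", public_key, image_ref],
                          capture_output=True, text=True)
    return proc.returncode == 0


def admit_image(manifest: bytes, image_ref: str, published: dict,
                check_signature: bool = True) -> bool:
    """Both integrity (published hash) and provenance (signature) must pass."""
    ok, _reason = verify_manifest(manifest, image_ref, published)
    if not ok:
        return False
    return cosign_verify(image_ref) if check_signature else True


if __name__ == "__main__":
    table = parse_hash_dataset(PUBLISHED_CSV)
    print(verify_manifest(SAMPLE_MANIFEST, IMAGE_REF, table))
    tampered = SAMPLE_MANIFEST.replace(b'"size":32654', b'"size":32655')
    print(verify_manifest(tampered, IMAGE_REF, table))           # one byte changed -> reject
    print(verify_manifest(SAMPLE_MANIFEST, "registry.example.com/deh/unknown:1", table))
```

The hash is taken over the manifest because the manifest pins the digests of every layer and of the config blob, so a match there covers the whole image; a single changed byte in the sample (the tampered `size` field) fails the check, as does an image that has no entry in the list.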

  2. Ensuring Model-Level Security

Securing the container is only half the equation; the model files themselves must also be trustworthy. Hugging Face applies multiple checks to detect potential malicious or anomalous content within models.

a. Malware and Pickle Scanning

Every model published on Hugging Face undergoes:

    • In-house malware scanning
    • Third-party security analysis
    • Pickle file safety checks

Enterprises can review the scan results directly under each model’s “Files and versions” tab. This helps organizations avoid:

    • Embedded malicious code
    • Manipulated or compromised model weights
    • Attacks leveraging unsafe serialization

As AI models become more widely distributed, these model-level protections are essential for secure deployment.
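The pickle check above matters because a pickle file is a small bytecode program that pickle.load executes, and its GLOBAL/STACK_GLOBAL opcodes can import any callable (os.system, subprocess.Popen) for a REDUCE opcode to call. The scanner below, an added example for this page and not Hugging Face's or Dell's scanner, walks the opcodes with pickletools.genops without executing them and lists every import the file would perform, for bare pickles and for PyTorch-style zip checkpoints that carry the pickle as a .pkl member. The allowlist, the "dangerous packages" set and all sample files are constructed for the example; the malicious sample is hand-assembled bytes that are never loaded.

```python
"""Static scan of pickle-based model files for dangerous imports (added example)."""
import collections
import io
import pickle
import pickletools
import zipfile

# Imports a weights file legitimately needs. Assumption for this example; a real
# allowlist is derived from the frameworks you actually deploy.
SAFE_GLOBALS = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
                ("torch._utils", "_rebuild_tensor_v2")}
# Packages that have no business inside a model file.
DANGEROUS_PACKAGES = {"os", "posix", "nt", "subprocess", "sys", "builtins",
                      "socket", "shutil", "importlib", "runpy"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def find_globals(data: bytes) -> list:
    """Return every (module, name) the stream would import, without executing it."""
    refs, memo, pushed, top = [], {}, [], None
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            pushed.append(arg)
            top = arg
        elif op.name in GET_OPS:
            # A module name used earlier is re-pushed from the memo, so a naive
            # "last two string opcodes" scan would pair module and name wrongly.
            top = memo.get(arg)
            pushed.append(top)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = top                 # same slot rule as the real unpickler
        elif op.name in PUT_OPS:
            memo[arg] = top
        elif op.name == "STACK_GLOBAL":           # pops name, then module
            if len(pushed) < 2 or not all(isinstance(s, str) for s in pushed[-2:]):
                raise ValueError(f"malformed STACK_GLOBAL at offset {pos}")
            refs.append((pushed[-2], pushed[-1]))
            del pushed[-2:]
            top = None
        elif op.name in ("GLOBAL", "INST"):       # pickletools renders the pair "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
            top = None
        else:
            top = None
    return refs


def scan_pickle(data: bytes) -> dict:
    """Classify one stream as 'clean', 'review' (import not allowlisted) or 'dangerous'."""
    refs = find_globals(data)
    dangerous = [r for r in refs if r[0].split(".")[0] in DANGEROUS_PACKAGES]
    unknown = [r for r in refs if r not in SAFE_GLOBALS and r not in dangerous]
    verdict = "dangerous" if dangerous else "review" if unknown else "clean"
    return {"verdict": verdict, "imports": refs, "dangerous": dangerous, "unknown": unknown}


def scan_model_file(data: bytes) -> dict:
    """Scan a bare pickle or a PyTorch-style zip checkpoint (pickles as *.pkl members)."""
    if not data.startswith(b"PK\x03\x04"):
        return scan_pickle(data)
    rank = {"clean": 0, "review": 1, "dangerous": 2}
    worst = {"verdict": "clean", "imports": [], "dangerous": [], "unknown": [], "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member.endswith((".pkl", ".pickle")):
                result = scan_pickle(zf.read(member))
                worst["members"].append((member, result["verdict"]))
                for key in ("imports", "dangerous", "unknown"):
                    worst[key] += result[key]
                if rank[result["verdict"]] > rank[worst["verdict"]]:
                    worst["verdict"] = result["verdict"]
    return worst


def build_pt_archive(pkl: bytes) -> bytes:
    """Constructed stand-in for a PyTorch zip checkpoint holding archive/data.pkl."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
        zf.writestr("archive/version", "3\n")
    return buf.getvalue()


# Constructed samples, none of them real model files.
BENIGN = pickle.dumps({"layer": "fc1", "weights": [0.1, 0.2, 0.3]}, protocol=4)
ORDERED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)   # allowlisted import
LEGACY = b"\x80\x02cnumpy\nndarray\nq\x00."         # protocol 2 GLOBAL, not allowlisted
# Hand-assembled and never pickle.load()ed here: on load it would import os.system
# and REDUCE it with ("echo pwned",).
MALICIOUS = (b"\x80\x04"                # PROTO 4
             b"\x8c\x02os\x94"          # SHORT_BINUNICODE 'os', MEMOIZE
             b"\x8c\x06system\x94"      # SHORT_BINUNICODE 'system', MEMOIZE
             b"\x93"                    # STACK_GLOBAL -> os.system
             b"\x8c\x0aecho pwned\x94"  # argument string
             b"\x85R.")                 # TUPLE1, REDUCE, STOP
# Second import re-pushes 'os' with BINGET 0 (memo slot 0) instead of a new string.
MEMO_REUSE = b"\x80\x04\x8c\x02os\x94\x8c\x06system\x94\x93h\x00\x8c\x06getcwd\x94\x93."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("ordered", ORDERED), ("legacy", LEGACY),
                        ("malicious", MALICIOUS), ("checkpoint", build_pt_archive(MALICIOUS))]:
        print(f"{label:10s} {scan_model_file(blob)['verdict']:9s} {find_globals(blob)}")
```

The memo handling is what separates this from a grep for the string "os": when a file imports several names from one module, the pickler re-pushes the module string with a GET opcode rather than repeating it, and a scanner that only tracks string opcodes would pair the wrong module with the name. A "review" verdict is the normal outcome for a framework import not yet on the allowlist and should go to a human; "dangerous" should fail the pipeline.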

  3. Fully Offline, On-Premises Operation

For many organizations – especially in regulated industries – data isolation is mandatory.

DEH containers are fully self-contained, enabling:

    • Deployment without any external internet connectivity
    • Execution entirely within an organization’s infrastructure
    • Zero model or inference data leaving the environment

This architecture supports sectors such as healthcare, finance, government, and critical infrastructure that require end-to-end control over data and operational environments.

  4. A Note on Security Scan Results

Dell provides vulnerability and integrity information to help customers with their security processes, but this information is provided as‑is, may not cover every risk, and should only be treated as supplemental guidance. Ultimately, each organization is responsible for continuously evaluating, monitoring, and enforcing its own security controls.

A trusted path to secure AI at scale

The Dell Enterprise Hub delivers much more than high-performance AI deployment. Through layered security practices like rigorous vulnerability scanning, cryptographically signed images, published integrity hashes, model malware detection, and fully offline operation, it helps enterprises safeguard their AI supply chain from end to end.

As AI adoption accelerates, security cannot be an afterthought. Dell continues to invest in delivering greater security across every architectural layer, and the Dell Enterprise Hub stands as proof of this commitment.

With these capabilities, organizations gain a trusted path to deploy AI confidently, securely, and at scale. I invite you to explore the Dell Enterprise Hub today and see how these security enhancements to our comprehensive AI solutions can accelerate your journey from experimentation to large scale, trusted deployments.

In the model catalog, the Model Details tab displays the model scan results. The Deploy tab shows the container scan results for each model in DEH.

About the Author: Mukund Khatri

Fellow and Vice President, Office of the CTO, Dell Technologies

Mukund Khatri currently serves as Dell Fellow and Vice President in the Office of the CTO at Dell Technologies where his responsibilities include Security strategy and technology innovations for Dell Infrastructure products and offers, collaborating with product planning and business strategy teams. He also leads Dell’s efforts in critical Cybersecurity forums, industry standards and with key partners on emerging threats and technologies.