Thumbnail Image
Item

"Show Me You Comply... Without Showing Me Anything": Zero-Knowledge Software Auditing for AI-Enabled Systems

Scaramuzza,Filippo
Ferreira,Renato Cordeiro
Suller,Tomaz Maia
Quattrocchi,Giovanni
Tamburri,Damian Andrew
van den Heuvel,Willem-Jan
Abstract
The increasing exploitation of Artificial Intelligence (AI) enabled systems in critical domains has made trustworthiness concerns a paramount showstopper, requiring verifiable accountability, often by regulation (e.g., the EU AI Act). Classical software verification and validation techniques, such as procedural audits, formal methods, or model documentation, are the mechanisms used to achieve this. However, these methods are either expensive or heavily manual and ill-suited for the opaque, "black box" nature of most AI models. An intractable conflict emerges: high auditability and verifiability are required by law, but such transparency conflicts with the need to protect assets being audited-e.g., confidential data and proprietary models-leading to weakened accountability. To address this challenge, this paper introduces ZKMLOps, a novel MLOps verification framework that operationalizes Zero-Knowledge Proofs (ZKPs)-cryptographic protocols allowing a prover to convince a verifier that a statement is true without revealing additional information-within Machine-Learning Operations lifecycles. By integrating ZKPs with established software engineering patterns, ZKMLOps provides a modular and repeatable process for generating verifiable cryptographic proof of compliance. We evaluate the framework's practicality through a study of regulatory compliance in financial risk auditing and assess feasibility through an empirical evaluation of top ZKP protocols, analyzing performance trade-offs for ML models of increasing complexity.
Description
This work has been submitted to the ACM Transactions on Software Engineering and Methodology for possible publication
Date
2025-10-30
Journal Title
Journal ISSN
Volume Title
Publisher
Collections
Tilburg University Research Output Collection
Show all metadata
Files
Thumbnail Image
2510.26576v1.pdf
Adobe PDF1.54 MB
Research Projects
Organizational Units
Journal Issue
Keywords
Zero-Knowledge Proofs, Machine Learning Operations, MLOps, Software Auditing, Trustworthy AI, Regulatory Compliance, Cryptographic Verification
Citation
Scaramuzza, F, Ferreira, R C, Suller, T M, Quattrocchi, G, Tamburri, D A & van den Heuvel, W-J 2025 '"Show Me You Comply... Without Showing Me Anything" : Zero-Knowledge Software Auditing for AI-Enabled Systems'.
URI
https://hdl.handle.net/20.500.14602/104514
License
info:eu-repo/semantics/restrictedAccess
Embedded videos