Cyscale

Back to controls

AI model artifacts should use private storage

Model artifacts can contain proprietary model weights, embedded data patterns, configuration, or sensitive training outputs. Production AI services should load model artifacts from private, access-controlled storage instead of generic public HTTP locations.

Category

Controls

High

Applies to

AWSGoogle Cloud

Coverage

1 queries

Asset types

3 covered

Overview

Model artifacts can contain proprietary model weights, embedded data patterns, configuration, or sensitive training outputs. Production AI services should load model artifacts from private, access-controlled storage instead of generic public HTTP locations.

Remediation guidance

Remediation

Move model artifacts to private cloud storage with least-privilege access, encryption, and audit logging. Avoid direct public HTTP artifact URLs for production models.

Copy artifacts into an approved private bucket or artifact registry.
Restrict access to the model deployment identity.
Enable encryption, logging, and lifecycle policies for model artifact storage.

Query logic

These are the stored checks tied to this control.

AI model artifacts should use private storage

Connectors

AWSGoogle Cloud

Covered asset types

AI ServicesModelStorage

Expected check: eq []

{
  sageMakerModels(where: { primaryContainerModelDataURL_MATCHES: "(?i)^https?://.*" }) { ...AssetFragment }
  vertexAIModels(where: { artifactURI_MATCHES: "(?i)^https?://.*" }) { ...AssetFragment }
}

Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

Stay connected

Receive new blog posts and product updates from Cyscale

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

By clicking Subscribe, I agree to Cyscale’s Privacy Policy

Platform

Cloud Native Application Protection (CNAPP)Cloud Security Posture Management (CSPM)Cloud Infrastructure Entitlement Management (CIEM)Kubernetes Security Posture Management (KSPM)Cloud Compliance Cloud Security for MSSPs Cloud Vulnerability Management ASPM + Code Scanning Secrets + Outdated Software AI-SPM Platform Book a Demo Start a Trial Pricing

Use Cases

Cloud Misconfigurations Vulnerability Management Code Vulnerability Scanning AI Security Operational Security IAM Cloud Security Cloud Data Security Cloud Compliance NIS 2 Compliance DORA Compliance Kubernetes Security Microsoft Entra ID Security Google Workspace Security

Industries

Managed Security (MSSPs)FinTech Banks HealthTech Telecom Legal Tech HRTech M&A Due Diligence Mobile Apps

Compare

Cyscale vs Wiz Cyscale vs Lacework Cyscale vs Zscaler Cyscale vs Orca Security Cyscale vs AWS Cyscale vs Google Cloud Cyscale vs Microsoft Azure

Resources

Blog Security Wiki Product Tours Case Studies Documentation Data Sheet FAQ + Support Cloud Security Buyer’s Guide SaaS CTO Cloud Security Handbook Top 10 Cloud Security Challenges

Company

About Us Cloud Security Made in Europe Careers Contact Us

+44 7401 208466

[email protected]

ISO 27001Compliant

SOC 2In progress

© 2026 Cyscale Limited

© 2026 Cyscale Limited

Terms of use Security Policy Privacy Policy Status Sitemap

Terms of use Security Policy Privacy Policy

crunch base icon