ModelPacks Join the CNCF Sandbox: A Milestone for Vendor-Neutral AI Infrastructure
Today, I’m thrilled to announce that the ModelPack specification has been officially accepted into the CNCF Sandbox.
This is more than just a milestone for the Jozu team or the KitOps community — it’s an important step for the AI/ML ecosystem as a whole. It marks the emergence of the first vendor-neutral, open standard for packaging, versioning, and securing AI/ML project artifacts. For anyone serious about keeping AI projects secure throughout their lifecycle and into production, a secure and open standard is a boon.
The Packaging Problem AI Has Ignored for Too Long
AI and machine learning have seen remarkable innovation. But while the models have evolved rapidly, the tooling used to manage and deploy them remains cobbled together — niche, fragile, proprietary, and hard to scale.
It’s easy to forget amidst the hype, but a successful enterprise AI project is more than just a model. It’s a constellation of assets:
Fine-tuned models and weights
Tokenizers and vocabularies
Training datasets
Preprocessing and post-processing scripts
Pipeline definitions and experiment results
Metadata for auditing and explainability
Security scanning and results
Signing and attestation records
Deployment definitions and observability hooks
Custom dependencies or runtimes
These assets must be packaged, versioned, validated, and shared across teams and environments. But until now, doing this right has meant one of two things: building brittle internal tooling, or buying into a vendor’s closed platform.
There was no standardized, vendor-neutral way to bundle, sign, and track all these elements...and certainly not one designed to work with existing infrastructure and supply chain security practices.
We founded Jozu because we believed that had to change.
Introducing ModelPacks — and Their Roots in KitOps
ModelPacks are a new open specification hosted in the Cloud Native Computing Foundation (CNCF) for packaging all the components of an AI/ML project as OCI Artifacts.
If you’re familiar with Docker images, you already understand the power of OCI:
Immutable, portable artifact packaging
Built-in support for signing, attestations, and verification
Native integration with registries and CI/CD tooling
Reproducible on a laptop or in a massive datacenter with Kubernetes
ModelPacks extend this proven format to machine learning. They make it possible to encapsulate not just models, but entire AI workloads, into reproducible, auditable bundles.
By using OCI Artifacts rather than just containers, ModelPacks have another superpower: each asset is stored as a separate layer, so you can pull only the pieces you need. This can be a huge time saver since AI/ML project assets are often well over 100 GB.
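The layer-per-asset idea above, as an added example that is not part of the original post or of the ModelPack or KitOps code: it selects one layer from an OCI-style manifest and checks the fetched blob against the descriptor's digest and size before use. The media types, blobs and in-memory store are constructed placeholders, not values from the ModelPack specification.

```python
import hashlib
import hmac
import json

# Constructed blobs standing in for large project assets (hypothetical media types).
BLOBS = {
    "application/vnd.example.model.weights": b"constructed weight bytes",
    "application/vnd.example.model.dataset": b"constructed dataset bytes",
    "application/vnd.example.model.tokenizer": b"constructed tokenizer bytes",
}

def descriptor(media_type, blob):
    """Build an OCI content descriptor: media type, digest and size."""
    digest = "sha256:" + hashlib.sha256(blob).hexdigest()
    return {"mediaType": media_type, "digest": digest, "size": len(blob)}

# Constructed, abridged manifest (config descriptor omitted); one layer per asset.
MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "layers": [descriptor(t, b) for t, b in BLOBS.items()],
})

# Constructed content-addressed store playing the role of the registry.
STORE = {d["digest"]: BLOBS[d["mediaType"]] for d in json.loads(MANIFEST)["layers"]}

def select_layers(manifest_json, wanted_types):
    """Return only the layer descriptors whose media type was requested."""
    layers = json.loads(manifest_json)["layers"]
    return [d for d in layers if d["mediaType"] in wanted_types]

def verify_blob(desc, blob):
    """Check a fetched blob against the digest and size in its descriptor."""
    algo, _, expected = desc["digest"].partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: " + algo)
    if len(blob) != desc["size"]:
        return False
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected)

def pull(manifest_json, wanted_types, store):
    """Fetch only the requested layers, rejecting any blob that fails verification."""
    pulled = {}
    for desc in select_layers(manifest_json, wanted_types):
        blob = store[desc["digest"]]
        if not verify_blob(desc, blob):
            raise ValueError("digest mismatch for " + desc["mediaType"])
        pulled[desc["mediaType"]] = blob
    return pulled
```

The digest check only ties each blob to the manifest; the manifest itself still has to be authenticated, which is what signature verification on the artifact is for.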
And if you’ve used KitOps, this will sound familiar. KitOps’ ModelKits — already in production globally for over 18 months — are more than 95% aligned with the ModelPack spec (and soon will be 100% compatible). In fact, KitOps was the inspiration and technical foundation for the ModelPack initiative thanks to their shared author Gorkem Ercan (the CTO of Jozu).
Why Standards Matter (Especially Now)
Every foundational layer of modern computing — from USB to LDAP to Kubernetes — became transformative only after a common standard emerged.
We’re entering a new era in AI, one where the pressure to move fast is colliding with a wave of consolidation. Major vendors are racing to lock users into proprietary ecosystems. And as complexity grows, the cost of lock-in and the risks of brittle tooling are getting higher.
That’s why we created the ModelPack specification in the CNCF with input from Red Hat, PayPal, ANTGroup, ByteDance, and others.
ModelPack offers:
Vendor neutrality: you can move between platforms without starting over since ModelPack uses the existing and ubiquitous OCI standard
Security and compliance: use the same tooling trusted for containers
Composability and reuse: enable AI project teams to move faster and more safely, while collaborating at scale
Transparency: know exactly what went into a project, when it was added and by whom, and store that information for as many years as needed
Reproducibility: spin up the project on a laptop or deploy it to a cloud-scale cluster instantly and consistently
This is how we keep the AI ecosystem open, innovative, and trustworthy.
From Grassroots Tooling to Global Specification
Jozu’s journey started with a real-world problem: how do we ship secure, traceable AI packages into production environments?
We built KitOps as an open source tool to solve that problem, and along the way, developed the concept of ModelKits — self-contained, OCI-compliant bundles that define everything needed for AI workloads.
From the start our goal was to build a packaging and versioning system that could be the single-source-of-truth for any organization. Something that they wouldn’t need to throw out when they changed vendors. It *had* to be open source and we knew we’d have to donate it to an open source foundation so other vendors could be comfortable that their voice could influence its future as much as our own.
Less than a year after releasing KitOps (our baby) we were proud to see it become an official CNCF project.
As KitOps gained traction (over 100,000 downloads and counting), it became clear that this was a deep and unsolved need. Organizations across finance, telecom, and technology started adopting KitOps, and vendors began to take notice.
To make this approach truly interoperable, we needed a vendor-neutral specification. With Jozu’s CTO, Gorkem Ercan, leading the charge, supported by Jozu’s Angel Misevski and by contributors at Red Hat, PayPal, ANTGroup, and ByteDance, we formalized the ModelPack specification and submitted it to the CNCF.
With this CNCF Sandbox approval, we now have the open, neutral governance needed to grow the specification and its ecosystem.
The Danger of Open Washing (and Why KitOps Is Different)
In recent months, several vendors have launched OCI Artifact-based formats for AI models, inspired by KitOps. While it’s validating to see that recognition, we need to be honest: these formats are still tightly coupled to each vendor’s products.
They are not true standards. They’re features that are trying to use the OCI standard to imply a degree of interoperability that isn’t there.
KitOps — and the associated ModelPack specification — were designed from day one to be open, vendor-agnostic, and community-driven. We didn’t build tooling and then “open source” it. We built a reference implementation and invited the community to build the standard with us.
Some people think we’re crazy here at Jozu because the specification and standard *that we built* make it really easy for someone to switch away from Jozu if they decide they want a different tool. How does that protect our business?
Our answer is that the idea that you can hold onto customers by making it hard for them to leave is outdated and was always a bad-faith plan. Instead Jozu will happily compete with anyone to make the best, most enjoyable platform for our customers. If they love it, they’ll stay. If it’s not for them then we want them to be able to leave easily. After all, they may just come back!
That’s what made CNCF the right home for us. It’s not just about governance. It’s about preserving choice, transparency, and interoperability as foundational values for this next wave of AI infrastructure.
A Better Future for AI Projects
With the acceptance of ModelPacks as a specification standard in the CNCF, the AI/ML ecosystem now has:
A reliable specification for packaging and sharing AI workloads
Vendor-neutral governance and oversight for this industry standard
A proven reference implementation (KitOps)
A global community of contributors and adopters
This is how we help AI grow up stronger and healthier.
We want a world...
...where AI projects aren’t locked into walled gardens.
...where teams can confidently share, validate, and reuse components.
...where security and transparency are table stakes — not afterthoughts.
And that world is finally here!
The Role of Jozu and the Jozu Hub
At Jozu, we didn’t stop at building the open source tooling. We built the Jozu Hub — the first OCI-native registry optimized for AI metadata and integrity verification.
While any OCI-compliant registry can store ModelPacks, the Jozu Hub takes it further:
Rich metadata and search
Visible signing
Easy version diffing
Provenance tracking
Tamper-proof logging and auditing
Security and build attestations
Automatically generated deployable containers
100% on-premises installation (even air-gapped if that’s your jam)
It’s purpose-built for organizations who need to trust what they deploy, but still move quickly.
Whether you’re a global enterprise, a national lab, or a startup shipping AI agents, the Jozu Hub lets you take full advantage of what ModelPacks and KitOps enable.
Thank You — and What’s Next
This moment wouldn’t be possible without the incredible work of:
Gorkem Ercan, who authored the ModelPack spec
Angel Misevski, who helped bring ModelKits into the world
The global community of contributors from Red Hat, PayPal, ANTGroup, ByteDance, and beyond
To the KitOps users, early adopters, and Jozu customers who believed in this vision: thank you. You are why we continue to love our jobs.
Now, we invite the rest of the ecosystem (toolmakers, platform builders, researchers, and security teams) to get involved:
Adopt the ModelPack spec
Use KitOps as your starting point
Contribute ideas, extensions, and feedback
Let’s build an AI infrastructure that’s open, secure, and ready for the future.
ModelPacks are now part of the CNCF.
Let’s build shared greatness — together.


