Research Article | Open Access
Volume 73 | Issue 11 | Year 2025 | Article Id. IJCTT-V73I11P106 | DOI: https://doi.org/10.14445/22312803/IJCTT-V73I11P106
Leveraging Generative AI for Intelligent Code Signing and Tamper Detection
Karthikeyan Thirumalaisamy
| Received | Revised | Accepted | Published |
|---|---|---|---|
| 20 Sep 2025 | 28 Oct 2025 | 15 Nov 2025 | 29 Nov 2025 |
Citation:
Karthikeyan Thirumalaisamy, "Leveraging Generative AI for Intelligent Code Signing and Tamper Detection," International Journal of Computer Trends and Technology (IJCTT), vol. 73, no. 11, pp. 37-42, 2025. Crossref, https://doi.org/10.14445/22312803/IJCTT-V73I11P106
Abstract
Code signing is a fundamental tool for establishing trust and integrity in today's software ecosystems. However, traditional code-signing methods are largely static: they provide a guarantee based only on the certificate issuer and validity at the time of signing, without regard to the contextual behavior associated with the signing process. As such, they are vulnerable to threats such as insider abuse, unauthorized access to signing keys, and post-signing tampering. This paper presents a novel paradigm, Leveraging Generative AI for Intelligent Code Signing and Tamper Detection, which is built on an AI-based Trust Graph framework. The proposed work uses Generative Artificial Intelligence (Generative AI) and Graph Neural Networks (GNNs) to model the dynamic relationships between developers, repositories, certificates, and binaries, allowing for the detection of abnormal signing behavior patterns that may indicate compromise. The system continuously analyzes behavioral patterns and provenance-type data to perform AI-based trust scoring and contextual anomaly detection, uncovering unauthorized use of keys, insider tampering, and subtle compiler-related or code modifications that static methods typically miss. The adaptive trust ecosystem enhances both the integrity of the software and the resilience of the software supply chain, and clearly demonstrates how generative AI can bridge the gap between traditional authenticity verification and real-time threat mitigation.
Keywords
Code Signing, Generative AI, Code Integrity, Supply Chain Security, Insider Threats, AI Security, GNN.