Dual-Use Attestations: A Verifiable Disclosure Primitive for Militarization-Risk Governance in ML Research

Dual-use repurposing of machine learning (ML) artifacts (papers, code, datasets, weights) into military and surveillance contexts is widely discussed in policy and civil society, yet there is no standardized, verifiable disclosure mechanism embedded in mainstream ML research dissemination. We propose Dual-Use Attestations: a governance primitive that binds structured, minimum-elements militarization-risk disclosures to ML artifacts via signed supply-chain attestations and append-only transparency logs. Our approach is intentionally non-operational: it does not optimize weapons, nor adjudicate legal compliance. Instead, it makes author risk-positioning and release-surface choices machine-readable, tamper-evident, and auditable at scale, leveraging emerging AI supply-chain standards (CycloneDX/ECMA-424 ML-BOM; OWASP AIBOM; SPDX AI-BOM) and established provenance tooling (in-toto/SLSA, Sigstore/Rekor, Certificate Transparency). We provide a meticulous documentary analysis crosswalking standards, conference governance scaffolding, and dual-use oversight precedents from other fields.