---
id: "entity-slsa-framework"
type: "entity"
source_timestamps: ["§ What Leaders Should Do", "¶15"]
tags: ["software-supply-chain", "security", "provenance"]
related: ["action-extend-provenance", "prereq-slsa", "framework-ai-accountability"]
entityType: "tool"
canonicalName: "SLSA (Supply-chain Levels for Software Artifacts)"
aliases: ["SLSA", "Supply-chain Levels for Software Artifacts"]
sources: ["futures"]
sourceVaultSlug: "hbr-seg-futures"
originDay: 2
articleStem: "hbr-cl-84-big-tech-capability-crisis"
sourceUrl: "https://hbr.org/2026/06/big-techs-looming-capability-crisis"
sourceTitle: "Big Tech’s Looming Capability Crisis"
---
# SLSA Framework

**Supply-chain Levels for Software Artifacts (SLSA).** A framework that records how software artifacts are produced.

**Role in source:** the recommended vehicle for [[action-extend-provenance|extending software provenance]]. The authors propose extending SLSA so that every shipped module carries metadata recording **which AI tools touched the code, who reviewed it, and who signed off** — Step 1 of the [[framework-ai-accountability|mitigation framework]]. Understanding it is a stated [[prereq-slsa|prerequisite]].

> Enrichment canonical reference: *Supply-chain Levels for Software Artifacts*, a software provenance and supply-chain security standard; the source recommends extending it to capture AI tool usage and human sign-off.
