v2.4.0 | Report Errata

Direct model file loading, such as torch.load('model.pt') or joblib.load('model.pkl'), bypasses the model registry entirely and breaks the traceability chain. If a model is loaded directly from the file system rather than through the registry, the composite version identifier may not reflect the actual model being served, the version pinning control is circumvented, and the integrity verification (hash check at load time) is skipped.

The Semgrep rule for model registry bypass detection flags direct loading function calls for common ML frameworks: torch.load, joblib.load, pickle.load, tf.saved_model.load, and keras.models.load_model. The rule produces an error-level finding (not merely a warning), because registry bypass is a structural compliance risk rather than a stylistic concern.

The rule directs the developer to load models through the registry client (for example, mlflow.pyfunc.load_model), which ensures that the model is loaded from the registry, the version is recorded, and the integrity hash is verified. This control is version-controlled in the Semgrep configuration and enforced in both pre-commit hooks and the CI pipeline.
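The detection behaviour described above (the list of flagged loaders, error severity, and the guidance pointing at the registry client) can be reproduced outside Semgrep for testing or for a lightweight pre-commit check. The following is an added illustration written for this page, not the project's own Semgrep rule or any of its tooling: it walks a Python module's AST, resolves `import ... as` and `from ... import` aliases so that renamed loaders are still caught, and emits an error-level finding for each direct loading call. The two `tensorflow.`-qualified entries in the loader set and the two sample modules are assumptions constructed for the demonstration.

```python
import ast
from dataclasses import dataclass

# Loaders named on the page, plus two fully qualified TensorFlow spellings
# (assumption: they are what `import tensorflow as tf` resolves to).
DIRECT_LOADERS = {
    "torch.load",
    "joblib.load",
    "pickle.load",
    "tf.saved_model.load",
    "tensorflow.saved_model.load",
    "keras.models.load_model",
    "tensorflow.keras.models.load_model",
}

SEVERITY = "ERROR"  # registry bypass is a structural risk, not a style warning
MESSAGE = (
    "Direct model file loading bypasses the model registry: load through the "
    "registry client (e.g. mlflow.pyfunc.load_model) so the version is recorded "
    "and the integrity hash is verified."
)


@dataclass
class Finding:
    line: int
    call: str       # canonical dotted name of the flagged loader
    severity: str
    message: str


def _dotted_name(node):
    """Return 'a.b.c' for an Attribute/Name chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class _Scanner(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}   # local binding -> canonical dotted name
        self.findings = []

    def visit_Import(self, node):
        # `import torch` binds torch; `import joblib as jl` binds jl -> joblib
        for alias in node.names:
            if alias.asname:
                self.aliases[alias.asname] = alias.name
            else:
                top = alias.name.split(".")[0]
                self.aliases[top] = top

    def visit_ImportFrom(self, node):
        # `from pickle import load as pload` binds pload -> pickle.load
        for alias in node.names:
            canonical = f"{node.module}.{alias.name}" if node.module else alias.name
            self.aliases[alias.asname or alias.name] = canonical

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name:
            head, _, rest = name.partition(".")
            canonical = self.aliases.get(head, head) + (f".{rest}" if rest else "")
            if canonical in DIRECT_LOADERS:
                self.findings.append(Finding(node.lineno, canonical, SEVERITY, MESSAGE))
        self.generic_visit(node)


def scan_source(source: str) -> list:
    """Return one Finding per direct model-loading call in `source`."""
    scanner = _Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


# Constructed sample modules (not real project code).
OFFENDING = '''
import torch
import joblib as jl
from pickle import load as pload

model = torch.load("model.pt")
pipe = jl.load("model.pkl")
with open("blob.pkl", "rb") as f:
    blob = pload(f)
'''

COMPLIANT = '''
import mlflow
model = mlflow.pyfunc.load_model("models:/fraud-detector/Production")
'''

if __name__ == "__main__":
    for f in scan_source(OFFENDING):
        print(f"{f.severity}: line {f.line}: {f.call} -- {f.message}")
    print("compliant findings:", scan_source(COMPLIANT))
```

Like any syntactic check, this catches the spelled-out call and its import aliases but not loaders reached through `getattr`, `importlib`, or a wrapper function defined elsewhere, which is why the page pairs the rule with a registry client that verifies the hash at load time rather than relying on static detection alone.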

Key outputs

  • Semgrep rule for model registry bypass detection (error severity)
  • Developer guidance directing model loading through the registry client
  • Integration with pre-commit hooks and CI pipeline
  • Module 10 and Module 3 documentation