LLM03
Supply Chain Vulnerability Illustration

BONUS TECH DECODER

Supply Chain: All the parts, code, and models that come together to build your AI system, like ingredients in a recipe.
Pre-trained Models: Ready-made AI "brains" that developers can use instead of building everything from scratch.
Dependencies: Outside code your system relies on to work properly, like apps needing other apps to function.

🧠 WHAT IS IT?

Supply Chain vulnerabilities occur when security issues exist in the components, libraries, or pre-trained models used to build an AI system. It's like buying a car that was assembled using defective parts – the entire vehicle inherits weaknesses from its components, creating security risks you might not even know exist.

🔍 HOW IT HAPPENS

  • Organizations use pre-trained models or libraries without sufficient security vetting
  • These third-party components may contain undiscovered vulnerabilities or deliberate backdoors
  • Updates to dependencies might introduce new security issues without warning
  • The complex network of dependencies makes it difficult to track all potential vulnerability sources

🚨 WHY IT MATTERS

Affects: Confidentiality (C), Integrity (I), Availability (A)
Supply chain vulnerabilities can affect numerous systems simultaneously and may be extremely difficult to trace to their source. They can create widespread security gaps across entire AI ecosystems, potentially compromising all applications built on affected components.

🛡️ HOW TO PREVENT IT

  • Create a comprehensive inventory of all components in your AI supply chain
  • Implement a rigorous security assessment process for third-party models and libraries
  • Use software composition analysis tools to identify known vulnerabilities in dependencies
  • Develop a responsible update strategy that includes security testing before deploying changes
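The first two prevention items (a component inventory and vetting of third-party models and libraries) can be made concrete with a pinned inventory that is checked before any artifact is loaded. The script below is an added example, not code from the OWASP page; the inventory format, the function names and the constructed files are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example: a minimal inventory that pins every pre-trained model and
# dependency artifact by SHA-256, plus a check run before loading anything.
# The inventory layout is an assumption, not a standard AI-BOM format.

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large model weights need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_component(path: Path, inventory: dict) -> str:
    """Classify one artifact as 'ok', 'hash-mismatch' or 'not-in-inventory'."""
    entry = inventory.get(path.name)
    if entry is None:
        return "not-in-inventory"  # never vetted: do not load it
    return "ok" if sha256_of(path) == entry["sha256"] else "hash-mismatch"

def verify_tree(root: Path, inventory: dict) -> dict:
    """Check every file under root; also report pinned artifacts that are absent."""
    report = {p.name: verify_component(p, inventory)
              for p in root.iterdir() if p.is_file()}
    for name in inventory:
        report.setdefault(name, "missing")
    return report

def demo() -> dict:
    """Constructed scenario: a vetted model, a swapped tokenizer, an unlisted file."""
    root = Path(tempfile.mkdtemp())
    (root / "classifier.bin").write_bytes(b"constructed model weights v1")
    (root / "tokenizer.json").write_bytes(b'{"vocab": "constructed"}')
    inventory = {  # hashes recorded at vetting time
        "classifier.bin": {"kind": "pretrained_model",
                           "sha256": sha256_of(root / "classifier.bin")},
        "tokenizer.json": {"kind": "pretrained_model",
                           "sha256": sha256_of(root / "tokenizer.json")},
        "helper-lib.py": {"kind": "dependency", "sha256": "0" * 64},  # placeholder pin
    }
    # The tokenizer is replaced after vetting, and an unvetted artifact appears.
    (root / "tokenizer.json").write_bytes(b'{"vocab": "tampered"}')
    (root / "extra-weights.bin").write_bytes(b"nobody reviewed this")
    return verify_tree(root, inventory)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name:20s} {status}")
```

Anything other than "ok" should block loading and feed the update strategy from the last item above, since a mismatch after an update is exactly the unannounced change the page warns about.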