Supply Chain Compromise

supply-chaindependencythird-partymodel-integrity

Malicious or vulnerable dependencies, pre-trained models, or third-party services introduce risk into the AI system.

Technical Details
Affected Components:
Language Models (LLMs)Tool Integration Frameworkskc7.2
Impact Level:High
Attack Vectors
  • Malicious Model: Pre-trained model is backdoored or poisoned. [High]
  • Dependency Vulnerability: Vulnerable library or service introduces exploit path. [Medium]
  • Update Hijacking: Attacker compromises model or dependency update process. [Medium]
Impact Analysis
Risk Score: 8/10
Mitigation Categories
References