AImpact
Safety · Intermediate
Also known as: Model Poisoning · AI Artifact Attack

AI Supply Chain Attack

An AI supply chain attack targets the AI development supply chain: publicly shared model weights, LoRA adapters, GGUF quantizations, or datasets on platforms like HuggingFace are compromised with backdoors or hidden behaviors. A poisoned model can execute malicious actions when it receives a specific trigger, exfiltrate data, or generate harmful outputs on the attacker's command. The analogy to SolarWinds-style attacks on traditional software is direct: the artifact appears legitimate but carries a hidden payload.


In practice

A developer downloading models from public repositories should verify the officially published SHA256 checksums and prefer models with digital signatures or verified provenance. Before using a model in production, it is good practice to run automated security evaluations (e.g., with tools like ModelScan or Protect AI Guardian) that analyze weights for suspicious patterns. For enterprise teams, maintaining an internal registry of approved artifacts and disallowing direct Internet downloads during deployment significantly reduces the attack surface.
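The checksum and internal-registry steps above, as an added example that is not part of the original page or of any named tool: a small Python gate that streams a downloaded artifact through SHA256, compares it in constant time against the digest recorded in an internal registry of approved artifacts, and refuses anything unapproved or mismatching. The registry contents, artifact names and file bytes are constructed for illustration, not real published digests.

```python
"""Gate a downloaded model artifact on an internal registry of approved SHA256
digests before it is loaded. Added example; all names and digests below are
constructed for illustration and are not real published checksums."""
import hashlib
import hmac
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so multi-GB weight files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(path, expected_hex):
    """True only if the file's digest equals the published/approved one.
    Digests are normalised to lowercase; the comparison is constant-time by habit."""
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def check_against_registry(path, artifact_name, registry):
    """Look the artifact up by its logical name in the internal registry and verify it.
    Returns 'ok', 'mismatch' (tampered or wrong file) or 'unapproved' (not in the
    registry at all), so the deployment step can log, alert and refuse to load."""
    expected = registry.get(artifact_name)
    if expected is None:
        return "unapproved"
    return "ok" if verify_artifact(path, expected) else "mismatch"


def _write_temp(content):
    """Write constructed bytes to a temp file and return its path (test fixture)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(content)
        return f.name


def demo():
    """Constructed end-to-end run: an approved artifact, a copy altered by one byte
    (simulating a swapped or backdoored upload), and a file nobody reviewed."""
    good = _write_temp(b"constructed model bytes v1")
    tampered = _write_temp(b"constructed model bytes v1\x00")
    unknown = _write_temp(b"something nobody reviewed")
    # The internal registry: logical artifact name -> approved digest.
    # In a real deployment this file is itself signed and version-controlled.
    registry = {"example-model-q4.gguf": sha256_file(good)}
    return {
        "approved": check_against_registry(good, "example-model-q4.gguf", registry),
        "tampered": check_against_registry(tampered, "example-model-q4.gguf", registry),
        "unapproved": check_against_registry(unknown, "other-model.safetensors", registry),
    }


if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the three verdicts; in a pipeline, wire `check_against_registry` in front of the model-loading step and treat anything other than `"ok"` as a hard stop. The registry lookup by logical name (rather than by whatever filename arrived) is what enforces the "approved artifacts only" policy from the paragraph above: a file that hashes correctly but was never reviewed is still rejected.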
