Close-up digital art of a human eye with binary code (0s and 1s) integrated into the iris and surrounding area.

AI Supply Chain Attacks Are A Pervasive Threat

Posted on by Brian Colwell

That artificial intelligence tools, especially LLMs and generative systems, are transforming industries is obvious. What isn’t obvious to most is the level of risk in integrating these tools into critical business management frameworks and relying on them for essential business functions.

In fact, the Open Worldwide Application Security Project (OWASP), a nonprofit organization focused on LLM security risk education, highlights a “Top 10” list of LLM security risks for 2025 that includes: Prompt Injection, Sensitive Information Disclosure, Supply Chain, Data Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector and Embedding Weaknesses, Misinformation, and Unbounded Consumption. 

Today, we dive into AI supply chain attacks – one of the most pervasive and rapidly evolving cybersecurity threats of our time.

Data Rolls Downstream – And So Do Compromises

Unlike traditional cyberattacks, which strike at deployed applications, AI supply chain attacks typically occur before systems reach production and compromise the upstream elements and foundational components of artificial intelligence systems:

Supply chain attacks exploit the very openness that makes modern AI possible, targeting collaborative platforms, shared tooling, and public repositories with open-source libraries, datasets, APIs, and pre-trained models. 

Referred to as “dependency tampering”, vulnerabilities in widely-used libraries and specialized frameworks, such as TensorFlow and PyTorch, can be used to infect thousands of downstream projects with malicious code, backdoors, or poisoned data that propagate undetected across interconnected environments. 

Vulnerabilities In Supply Chain Components

Not only that, but supply chain attacks find a plethora of vulnerabilities in cloud-based environments, in particular – which present attack surfaces through insecure configurations, mismanaged API endpoints, and weak authentication mechanisms – while CI/CD pipelines and DevOps tools become prime targets where attackers can exploit the automated nature of model updates in order to inject unauthorized changes just before deployment. 

Further, supply chain attacks can hijack autonomous agents in order to redirect workflows and business logic, register packages hallucinated by LLMs (“slopsquatting” attacks), and exploit flaws in communication between AI system components (“flowbreaking” attacks). 

In addition, typically limited security controls in continuous integration processes, combined with often insufficient testing for detecting malicious modifications, create perfect conditions for supply chain compromises and the opportunity to stealthily insert new vulnerabilities.

Supply Chains Presents Multiple Opportunities

During Development:

  • Compromised development environments
  • Malicious insiders with access to training infrastructure
  • Third-party training services

During Distribution:

  • Tampered model repositories
  • Man-in-the-middle attacks during model download
  • Compromised CDNs or model hubs

During Deployment:

  • Poisoned fine-tuning data
  • Malicious model updates
  • Compromised continuous learning pipelines

Real Attacks Cause Real Damage

As a case in point on the pervasiveness of the threat, in 2023, employees of both Samsung and Amazon accidentally leaked proprietary company information through ChatGPT, while Hugging Face suffered an infamous API token leak in which over 1,600 leaked API tokens compromised the accounts of 723 organizations – including those of major tech firms – with many of the tokens having write access. 

Examples of AI supply chain attacks in 2024 include the PyPI malware campaigns, in which JarkaStealer malware, disguised as an AI chatbot tool, was downloaded over 1,700 times across more than 30 countries, and the attack on Ultralytics YOLO AI, which was compromised with cryptomining malware injected into an open-source image recognition model, affecting thousands of users. 

And, already in 2025, experts report a 30% increase in supply chain breaches over last year.

Global Adoption Continues

in 2024 over 80% of enterprises were using AI, according to reports from Synthedia, Vention, and MenloVC, with approximately 60% to over 70% of organizations using open-source or third-party elements – such as datasets, libraries, and pre-trained models – in at least half of their AI/ML projects, according to sources such as McKinsey, Andreesen Horowitz, and Anaconda

In addition, about 42% of enterprise-scale organizations (over 1,000 employees) surveyed by IBM in 2024 used AI actively in their businesses, while 49% of technology leaders in PwC‘s Pulse Survey said that AI was “fully integrated” into their companies’ core business strategy. 

Further, despite the security concerns and ethical dilemmas of AI usage, 63% of organizations intend to adopt AI globally within the next three years, according to National University, while 58% of companies plan to increase their AI investments over the next year and, by 2030, 30% of work hours across the US economy could be automated with AI, according to Hostinger. It’s hard to argue that these growth trends will not continue as enterprises seek greater control, customization, and cost efficiency in their AI stacks.

Thanks for reading!