AI Risk · Security

Supply Chain Compromise

External datasets, models, software and hardware may be compromised by bad actors, resulting in adversarial attacks.

📋 Description

AI systems often depend on components such as datasets, pretrained models, libraries, and hardware platforms that can be compromised at any point in the supply chain. When these components are modified or maliciously crafted by adversaries, they may introduce backdoors, performance issues, or unauthorized access mechanisms. Even components previously verified as safe can become vulnerable through version updates or indirect dependencies. A compromised supply chain not only affects model integrity and functionality but also exposes systems to broader security threats such as data leakage, malware insertion, and model theft. Ongoing verification, monitoring, and strict control of third-party components are crucial to mitigating this risk.

Agent Supply Chain and Dependency Attacks exploit the complex ecosystem that AI agents rely on, including models, datasets, libraries, and APIs. These attacks are especially dangerous in agentic systems, where autonomous agents may unknowingly propagate compromised components across environments or collaborate with other agents based on false assumptions. The interconnected and recursive nature of agents makes them particularly vulnerable to cascading failures and covert manipulation introduced through the supply chain.
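As an added illustration of the "ongoing verification" the description calls for (example code written for this page, not Trustible's or any project's own), the check below compares every resolved third-party component against a pinned manifest recorded at the last review and flags three conditions the text names: components that were never reviewed, previously approved components whose version has drifted, and artifacts whose bytes no longer match the reviewed copy. All file names, versions and contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream the file so large model or dataset artifacts are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_components(manifest, artifact_dir, observed_versions):
    """Check each resolved component against its approved pin.
    manifest: {name: {"version": str, "sha256": str}} recorded at the last review.
    observed_versions: {name: version} as reported by the resolver or download step.
    Returns a list of (name, finding); an empty list means every pin still holds.
    """
    findings = []
    for name, version in observed_versions.items():
        pin = manifest.get(name)
        if pin is None:
            findings.append((name, "unpinned: component was never reviewed"))
            continue
        if version != pin["version"]:
            # A previously approved component changed version: it needs re-review
            # even when the new bytes carry a valid-looking signature or hash.
            findings.append((name, f"version drift: approved {pin['version']}, got {version}"))
        path = Path(artifact_dir) / name
        if not path.exists():
            findings.append((name, "missing artifact"))
        elif sha256_of(path) != pin["sha256"]:
            findings.append((name, "hash mismatch: content differs from the reviewed copy"))
    for name in manifest:
        if name not in observed_versions:
            findings.append((name, "pinned component absent from the resolved set"))
    return findings

def demo():
    """Constructed scenario: an approved model, a silently altered dataset, an unpinned library."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "model.bin").write_bytes(b"approved weights")
    (tmp / "dataset.csv").write_bytes(b"label,text\n1,altered row\n")
    manifest = {
        "model.bin": {"version": "1.0", "sha256": hashlib.sha256(b"approved weights").hexdigest()},
        "dataset.csv": {"version": "2.1", "sha256": hashlib.sha256(b"label,text\n1,reviewed row\n").hexdigest()},
    }
    observed = {"model.bin": "1.0", "dataset.csv": "2.1", "helper-lib": "0.3"}
    return verify_components(manifest, tmp, observed)
```

In a real pipeline the manifest would be produced by the review step and the observed versions by the dependency resolver or artifact downloader; any non-empty result should block the build rather than merely log.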

🔍 Public Examples and Common Patterns

- GAO: SolarWinds Cyberattack - A campaign of cyberattacks, now identified to be perpetrated by the Russian Foreign Intelligence Service, breached the computing networks at SolarWinds, a Texas-based network management software company. The threat actor first conducted a “dry run,” injecting test code into SolarWinds’ network management and monitoring suite of products called Orion. Then, beginning in February 2020, the threat actor injected trojanized (hidden) code into a file that was later included in SolarWinds’ Orion software updates.

📐 External Framework Mapping

- MITRE ATLAS: AI Supply Chain Compromise
- OWASP LLM Top 10: LLM03:2025 Supply Chain

Cite this page
Trustible. "Supply Chain Compromise." Trustible AI Governance Insights Center, 2026. https://trustible.ai/ai-risks/supply-chain-compromise/

Manage AI Risk with Trustible

Trustible's AI governance platform helps enterprises identify, assess, and mitigate AI risks like this one at scale.