Understanding AI Supply Chains

Premium room

Explore how AI's dependency on external models, datasets, and packages creates attack surfaces.

easy

60 min

2,128


Every time you use Claude, ChatGPT, GitHub Copilot, or any AI-powered product, you are trusting a model trained somewhere, on some data, by someone you have never verified. Every link in that chain is a decision you didn't make, by someone you didn't vet, on infrastructure you don't control.

Imagine you find a model you can download locally that does exactly what you need. The page looks professional: thorough documentation, a credible-sounding organisation name, thousands of downloads. You run model.load(). The model works perfectly. What you don't see is that before any prediction ran, it opened a reverse shell to an attacker's server. You now have a stranger with remote access to your system.

This isn't hypothetical. In 2024, security researchers found over 100 models on Hugging Face (the largest public platform for sharing models, often called the GitHub of AI) that did exactly this; they were functional, legitimate-looking, and capable of executing arbitrary code the moment they were loaded.
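The mechanism behind those Hugging Face findings is that pickle-serialised models can reference and invoke arbitrary callables when they are deserialised. As an added example (not part of this room's material), here is a small Python scan that lists the imports a pickle file would perform on load, without loading it, and compares them to an allowlist; the allowlist entries, the sample checkpoint and the `RunsOnLoad` class are all constructed for illustration.

```python
import collections
import pickle
import pickletools

# Hypothetical allowlist of (module, name) pairs a benign checkpoint may reference.
# A real deployment would vet this list against the framework it actually loads.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}


def pickle_imports(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import on load, without loading it."""
    imports = []
    strings = []  # string literals in push order; protocol 4+ STACK_GLOBAL reads the last two
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":  # protocol <= 3: argument is "module name"
            module, name = arg.split(" ", 1)
            imports.append((module, name))
        elif opcode.name == "STACK_GLOBAL":  # protocol >= 4: module and name precede it
            imports.append((strings[-2], strings[-1]))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
    # Strings recycled through the memo (BINGET) are not resolved here; dedicated
    # scanners such as picklescan or fickling handle that and more.
    return imports


def disallowed_imports(data: bytes) -> list[tuple[str, str]]:
    """Imports outside the allowlist: anything here would run code you never reviewed."""
    return [imp for imp in pickle_imports(data) if imp not in SAFE_GLOBALS]


def benign_checkpoint() -> collections.OrderedDict:
    """Constructed stand-in for a state_dict: only plain data plus OrderedDict."""
    return collections.OrderedDict([("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])])


class RunsOnLoad:
    """Constructed stand-in for a tampered checkpoint: unpickling calls the referenced
    callable. `len` is harmless, but the mechanism is what a malicious model abuses."""

    def __reduce__(self):
        return (len, ([1, 2, 3],))


if __name__ == "__main__":
    print("benign:", disallowed_imports(pickle.dumps(benign_checkpoint(), protocol=4)))
    print("tampered:", disallowed_imports(pickle.dumps(RunsOnLoad(), protocol=4)))
```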

This is what makes supply chain attacks so effective: they exploit trust. You trust model repositories the same way you trust package managers like npm or PyPI. That trust, when misplaced, hands attackers a direct path into your systems. This room introduces the fundamentals of AI supply chains. You will learn what they are, why they differ from traditional software supply chains, and where attackers target them. By the end, you will have a clear mental map of the supply chain threat landscape before we move into the Supply Chain Attack Vectors and Securing the Supply Chain rooms.

Learning Objectives

  • Explain what an AI supply chain is and how it differs from a traditional software supply chain
  • Identify the four key components of an AI supply chain (models, datasets, frameworks, dependencies)
  • Map the attack surface across model, dependency, data, and infrastructure layers
  • Recognise real-world supply chain incidents and the trust relationships they exploited

Prerequisites

  • Completed the AI/ML Security Threats room, or equivalent familiarity with AI/ML concepts
  • Completed the Secure Systems module of the broader Security path, or have an equivalent understanding of system architecture
  • Basic comfort with the command line can be achieved by completing the  Fundamentals Part 1 room
  • Basic Python knowledge (no expertise required)

Framework Alignment

  • OWASP Top 10 for LLM Applications: LLM03 (Supply Chain Vulnerabilities)
  • MITRE ATLAS: AML.T0010 (AI Supply Chain Compromise)
Answer the questions below

I'm ready to learn about AI supply chains!
