ai-supply-chain
Safeguard articles tagged "ai-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
18 articles
What Is an AIBOM (AI Bill of Materials)? A 2026 Primer
An SBOM tells you what code you ship. An AIBOM answers the question that has no good answer today: what models, datasets, and prompts is our AI actually built on — and where did they come from?
AI Supply Chain Security: Securing Models and Datasets
Your AI supply chain is not just your npm dependencies anymore. It is the models you download, the weights you load, and the datasets you train on — and each is an attack surface most software security programs have never inventoried.
Securing Hugging Face Models: A Practical Safety Guide
Hugging Face is the npm of machine learning, and it inherits npm's problems. Malicious weights, pickle payloads, and leaked Space secrets are all live risks — here is how to pull models safely.
AI Model Supply Chain Attacks: How Weights Become Malware
You would never run an unknown binary from a stranger, but teams pull unknown model weights off public hubs every day. Loading them can be code execution — and that is only the most obvious link in the chain.
CAISI's May 2026 Frontier Model Testing Agreements: Pre-Deployment Evaluation Becomes a Supply-Chain Control
On May 5, 2026, NIST's CAISI signed pre-deployment evaluation agreements with Google DeepMind, Microsoft, and xAI, bringing five frontier labs into a government testing program covering cyber, bio, and chemical risk.
When the Vulnerability Is the Design: MCP STDIO Command Injection Across 150M Downloads (May 2026)
OX Security documented command injection through the MCP STDIO transport across Python, TypeScript, Java, and Rust SDKs. Anthropic calls the behavior by-design and won't patch upstream. That leaves the fix to thousands of downstream projects.
Protecting GenAI: OWASP Top 10 for LLMs
OWASP's Top 10 for LLM Applications reframes AI risk around prompt injection, data poisoning, and supply chain gaps that container-only tools like Aqua can't reach.
AI Bill of Materials (ML-BOM) Standards in 2026
A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.
What is LLM Security
LLM security protects model weights, prompts, outputs, and the AI supply chain from injection, leakage, and compromise—here's what it covers and how to defend it.
Direct vs Indirect Prompt Injection
Direct and indirect prompt injection are different attack vectors with different blast radii. Real 2025 CVEs like EchoLeak show why the distinction matters.
NIST SSDF 1.2 Draft: What the Comment Period Revealed
NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.
CycloneDX ML-BOM in 1.7: Implementation Guide
CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.