Safeguard
Tag

ml-supply-chain

Safeguard articles tagged "ml-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

20 articles

AI Security

vLLM CVE-2025-66448: Auto-Map RCE via Model Configs

A critical RCE in vLLM allows malicious model configs to bypass trust_remote_code=False. We analyze the bug, the patch, and what every vLLM operator should do.

Nov 22, 20257 min read
AI Security

ShadowMQ: 30+ RCE Flaws Across AI Inference Engines

Oligo Security disclosed ShadowMQ in November 2025: ZeroMQ-and-pickle deserialization patterns copy-pasted across vLLM, Meta Llama, TensorRT-LLM, and others. We dissect the pattern.

Nov 19, 20257 min read
AI Security

Training Data Provenance for Enterprise Fine-Tuning

Fine-tuning corpora are supply chain artifacts. We cover the provenance signals, attestations, and drift controls enterprises need before pushing weights to prod.

Nov 18, 20255 min read
AI Security

Embedding Model Supply Chain Risks

Embedding models are the silent dependency under every RAG system. We cover poisoning, deprecation, and provenance gaps that break retrieval in production.

Oct 18, 20255 min read
AI Security

PyTorch CVE-2025-32434: weights_only=True No Longer Safe

A critical PyTorch RCE bypassed the safety property of torch.load(weights_only=True). We analyze the bug and explain why safetensors should now be the default.

May 22, 20257 min read
AI Security

OpenSSF Model Signing v1.0: Sigstore for ML

OpenSSF launched Model Signing v1.0 in April 2025 with Sigstore integration. NVIDIA NGC adopted it the same month. We explain what it signs, how to verify, and where the gaps are.

May 8, 20257 min read
AI Security

nullifAI: Broken Pickles and the Hugging Face Detection Gap

ReversingLabs disclosed two malicious Hugging Face models that evaded Picklescan by using broken 7z-packed PyTorch archives. We unpack the technique.

Feb 10, 20256 min read
Supply Chain Security

AI Supply Chain Attacks: Emerging Threats in Model and Data Pipelines

As organizations adopt AI at scale, the AI/ML supply chain is becoming a new attack surface. From poisoned models to compromised training data, the threats are real and growing.

Aug 5, 20247 min read
ml-supply-chain (Page 2) — Safeguard Blog