ml-supply-chain
Safeguard articles tagged "ml-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
20 articles
vLLM CVE-2025-66448: Auto-Map RCE via Model Configs
A critical RCE in vLLM allows malicious model configs to bypass trust_remote_code=False. We analyze the bug, the patch, and what every vLLM operator should do.
ShadowMQ: 30+ RCE Flaws Across AI Inference Engines
Oligo Security disclosed ShadowMQ in November 2025: ZeroMQ-and-pickle deserialization patterns copy-pasted across vLLM, Meta Llama, TensorRT-LLM, and others. We dissect the pattern.
Training Data Provenance for Enterprise Fine-Tuning
Fine-tuning corpora are supply chain artifacts. We cover the provenance signals, attestations, and drift controls enterprises need before pushing weights to prod.
Embedding Model Supply Chain Risks
Embedding models are the silent dependency under every RAG system. We cover poisoning, deprecation, and provenance gaps that break retrieval in production.
PyTorch CVE-2025-32434: weights_only=True No Longer Safe
A critical PyTorch RCE bypassed the safety property of torch.load(weights_only=True). We analyze the bug and explain why safetensors should now be the default.
OpenSSF Model Signing v1.0: Sigstore for ML
OpenSSF launched Model Signing v1.0 in April 2025 with Sigstore integration. NVIDIA NGC adopted it the same month. We explain what it signs, how to verify, and where the gaps are.
nullifAI: Broken Pickles and the Hugging Face Detection Gap
ReversingLabs disclosed two malicious Hugging Face models that evaded Picklescan by using broken 7z-packed PyTorch archives. We unpack the technique.
AI Supply Chain Attacks: Emerging Threats in Model and Data Pipelines
As organizations adopt AI at scale, the AI/ML supply chain is becoming a new attack surface. From poisoned models to compromised training data, the threats are real and growing.