LLM03: Supply Chain

Supply Chain vulnerabilities can refer to a variety of different risks in the Supply Chains of LLMs. LLMs are unique in that they require third parties to develop the models, and these third parties open the LLMs up to a host of new risks…


It is no secret that in 2025, AI is both the biggest advancement and biggest risk in the cyber landscape. LLMs are rising in popularity and with this rise comes a parallel increase in incidents. AI security is still largely misunderstood, but the OWASP LLM Top 10 is a great resource on the biggest risks in the space and how to mitigate them.

What is a Supply Chain Vulnerability?

LLMs require a lot of groundwork to get them up and running. Part of this process includes third-party applications that help connect different components of the LLM, feed it data, etc. However, with these components come risks, as each part is open to its own host of vulnerabilities.

Types of Vulnerabilities

There are a variety of different risks that fall under the category of supply chain vulnerabilities.

  1. Traditional Third-Party Package Vulnerabilities: these can include third-party applications with outdated components left vulnerable to exploitation. 
  2. Licensing Risks: a common risk we see in the space is that developers do not realize some of their data falls under different licensing or compliance requirements. In addition to this, third-party packages also have their own licensing, such as source code licenses and more. When developers have to keep track of all these different licenses, it is easy for things to fall through the cracks, leading to compliance issues and/or vulnerabilities.
  3. Vulnerable Pre-Trained Models: these models are binary black boxes and offer limited security capabilities. Like open-source software, pre-trained models often contain vulnerabilities that developers may not be aware of.
  4. Weak Model Provenance: since AI security is still a fairly new concern, there are currently no established provenance assurance standards. Because of this, attackers can compromise supplier accounts, or use social engineering and other means, to insert malicious content into the supply chain.
  5. Vulnerable LoRA adapters: the Low-Rank Adaptation (LoRA) method can make development more efficient, but also introduces new risks. It works by training only a small number of new parameters rather than the entire model, which saves time but can lead to unpredictable results down the line.
  6. Exploit Collaborative Development: model merging and model-handling operations such as format conversions introduce even more vulnerabilities to the LLMs involved. Services such as conversion bots and others similar to them have also been found to create new risks.
  7. LLM Model on Device: repackaged LLMs that work on smaller devices and applications often come with new risks that users and developers did not expect.
  8. Unclear T&Cs and Policies: when the terms and conditions and data privacy policies are not expressly stated, this can cause confusion and lead to misconfigurations, sensitive information exposure, copyright infringement risk, and more, due to murky compliance and licensing requirements.

Mitigation Methods

Most of the mitigation measures recommended to prevent Supply Chain Vulnerabilities boil down to thoroughly vetting and checking all third-party sources and suppliers, using the most up-to-date version of all software, and staying on top of compliance requirements by educating both developers and security teams about supplier terms, conditions, and similar documentation.

Evaluate each third-party model provider by a set of carefully selected criteria to minimize new risks. Implement strict monitoring on third-party LLMs for any irregularities or vulnerabilities.

A detailed inventory can also help developers and security teams keep track of the requirements, terms and conditions, security features, and data privacy policies of each model. Compiling all this information into one central, organized space is critical for ensuring everyone involved stays on the same page.

Other typical mitigation strategies such as encryption, patching policies, and more can also help security teams stay on top of supply chain vulnerabilities.
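As an added illustration (not code from the FireTail post), the Python below encodes the mitigations above as a small model-inventory check: each vetted third-party model gets a pinned version, a pinned SHA-256 digest for provenance, a license checked against an approved list, and a flag recording that its terms were reviewed. The model name, supplier and weight bytes are constructed placeholders.

```python
import hashlib

# Licenses the team has cleared for use (constructed policy, adjust as needed).
APPROVED_LICENSES = {"apache-2.0", "mit"}

# Constructed stand-ins for downloaded model weights.
GOOD_WEIGHTS = b"constructed model weights v1.2.0"
TAMPERED_WEIGHTS = b"constructed model weights v1.2.0 + unexpected bytes"


def sha256_hex(data: bytes) -> str:
    """Digest of an artifact, pinned at vetting time and re-checked on use."""
    return hashlib.sha256(data).hexdigest()


# Central inventory entry written when the model was first vetted.
# "example-org/summarizer-7b" is a hypothetical model id, not a real one.
MODEL_INVENTORY = {
    "example-org/summarizer-7b": {
        "supplier": "example-org",
        "version": "1.2.0",
        "sha256": sha256_hex(GOOD_WEIGHTS),
        "license": "apache-2.0",
        "terms_reviewed": True,
    },
}


def vet_artifact(model_id: str, version: str, data: bytes, license_id: str) -> list:
    """Return a list of findings for a downloaded model; empty means it passes."""
    entry = MODEL_INVENTORY.get(model_id)
    if entry is None:
        return [f"{model_id}: not in inventory; vet the supplier before use"]
    findings = []
    # Provenance: the namespace in the id must match the vetted supplier.
    if model_id.split("/")[0] != entry["supplier"]:
        findings.append("supplier mismatch: id does not belong to the vetted supplier")
    # Version drift: an unpinned upgrade (or downgrade) needs a fresh review.
    if version != entry["version"]:
        findings.append(f"version mismatch: got {version}, pinned {entry['version']}")
    # Integrity: the bytes must be the ones that were vetted.
    if sha256_hex(data) != entry["sha256"]:
        findings.append("sha256 mismatch: artifact differs from the vetted copy")
    # Licensing and policy review, tracked alongside the technical checks.
    if license_id not in APPROVED_LICENSES or license_id != entry["license"]:
        findings.append(f"license mismatch: {license_id} is not approved for this model")
    if not entry["terms_reviewed"]:
        findings.append("terms and data policy for this supplier not yet reviewed")
    return findings
```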

Bottom Line

Supply chain vulnerabilities are potentially a huge risk when it comes to LLM adoption. LLMs are complicated to develop, and given the intense competition and speed of evolution, developers may take shortcuts such as using third-party models, repackaged LLMs on devices, and others that can introduce new risks.

Supply chain vulnerabilities can refer to a wide range of risks introduced from third-party model vulnerabilities, data quality, licensing issues, outdated models, and more. Essentially, a supply chain vulnerability is any vulnerability that occurs in the process of creating an LLM.

Mitigation techniques for supply chain vulnerabilities include researching third-party models, gathering information into an inventory, vetting each new model, and avoiding things like outdated models and poorly repackaged LLMs on devices.

Stay tuned for our next installment on this series next week, where we’ll be deep-diving LLM04: Data and Model Poisoning.

If you want to see how FireTail can help you with your AI security posture, schedule a demo or start using our free tier, today!