Supply Chain Vulnerabilities
Compromised third-party datasets, models, or plugins.
What are Supply Chain Vulnerabilities?
Supply Chain Vulnerabilities in LLM applications arise when the application relies on compromised third-party components, such as:
- Pre-trained Models: Using a model from a public repository that has been backdoored or poisoned.
- Datasets: Training on datasets that contain malicious data or biases.
- Plugins/Extensions: Integrating with third-party plugins that have security flaws or malicious intent.
Attackers can compromise the supply chain to steal data, inject malicious behavior, or gain unauthorized access to the system.
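A concrete defensive check for the first of these components is to never load a downloaded model or dataset file on trust: pin its digest when it is first reviewed, verify the digest before every load, and, for pickle-serialised checkpoints, inspect which modules the file would import without executing it. The script below is an added example, not code from the original page; it assumes a team-maintained manifest of SHA-256 digests and an illustrative allowlist of modules a benign checkpoint may reference (`SAFE_PICKLE_MODULES`), and constructs its sample artifacts in memory so it runs offline.

```python
"""Vetting a third-party model or dataset artifact before it is loaded.

Added example, not code from the original page. Assumptions: (1) the team
keeps a manifest of SHA-256 digests recorded when an artifact was first
reviewed; (2) pickle-serialised checkpoints are accepted only when every
global they import comes from an allowlist of modules. Sample artifacts are
constructed in memory so the script runs offline.
"""
import collections
import fractions
import hashlib
import hmac
import pickle
import pickletools

# Illustrative allowlist (assumption): modules a benign checkpoint may
# reference. A real list must be derived from the framework actually in use.
SAFE_PICKLE_MODULES = frozenset({"collections", "torch", "torch._utils", "numpy"})

# Opcodes whose argument is a string literal. STACK_GLOBAL takes its module
# and attribute names from the two most recent string literals on the stack.
_STRING_OPS = frozenset({
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
})


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison of the computed digest against the pinned one.
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def pickle_globals(data: bytes) -> list[tuple[str, str]]:
    """Return the (module, name) pairs a pickle would import, without running it.

    pickletools.genops only disassembles the opcode stream, so no reducer or
    constructor executes. STACK_GLOBAL is resolved with a heuristic: the last
    two string literals pushed before it, which matches CPython's pickler.
    """
    found = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "GLOBAL":            # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":      # protocol >= 4
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without preceding module/name strings")
            found.append((recent_strings[-2], recent_strings[-1]))
    return found


def looks_like_pickle(data: bytes) -> bool:
    # Protocol 2+ pickles start with the PROTO opcode (0x80); heuristic only.
    return data[:1] == b"\x80"


def vet_artifact(name: str, data: bytes, manifest: dict[str, str],
                 allowed_modules=SAFE_PICKLE_MODULES) -> dict:
    """Decide whether an artifact may be loaded. Never loads it."""
    report = {
        "name": name,
        "digest_ok": name in manifest and digest_matches(data, manifest[name]),
        "is_pickle": looks_like_pickle(data),
        "disallowed_globals": [],
    }
    if report["is_pickle"]:
        report["disallowed_globals"] = [
            (m, n) for m, n in pickle_globals(data) if m not in allowed_modules
        ]
    report["accept"] = report["digest_ok"] and not report["disallowed_globals"]
    return report


# --- Constructed sample artifacts (stand-ins for downloaded files) ----------
# A "checkpoint" referencing only collections.OrderedDict, as a state_dict would.
GOOD_CKPT = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=4)
GOOD_CKPT_P2 = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=2)
PLAIN_DICT = pickle.dumps({"a": 1}, protocol=4)          # imports nothing
# A checkpoint that drags in a module outside the allowlist; loading it would
# import that module, which is the foothold a tampered upstream file relies on.
ODD_CKPT = pickle.dumps({"w": fractions.Fraction(1, 3)}, protocol=4)
# The digest the team pinned after reviewing GOOD_CKPT.
MANIFEST = {"model.bin": sha256_hex(GOOD_CKPT)}


if __name__ == "__main__":
    for blob in (GOOD_CKPT, ODD_CKPT):
        print(vet_artifact("model.bin", blob, MANIFEST))
```

The two checks are deliberately independent: a digest mismatch catches a file that changed after review, while the global scan catches a reviewed-but-never-inspected checkpoint whose reducers reach outside the expected framework. Neither check replaces preferring non-executable formats such as safetensors where the framework supports them.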