Tag
#supply-chain
12 posts tagged supply-chain.
- disclosure
LLM Security Risks: The 2025 Threat Landscape for AI Deployments
A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation
- disclosure
Machine Learning Security: Attack Taxonomy, CVEs, and Defenses
A technical overview of machine learning security threats in 2026: NIST's adversarial ML taxonomy, MITRE ATLAS attack classes, the CVE-2025-62164 vLLM
- analysis
LLM Security Risks: A Practitioner's Field Guide for 2025
A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation
- guide
Machine Learning Security Across the Pipeline: Data to Deployment
Machine learning security vulnerabilities enter at every stage — data ingestion, model training, artifact storage, and inference.
- incident-review
Compromised Models on Hugging Face: Pickle Exploits in the Hub
Malicious actors have uploaded model files to Hugging Face containing pickle payloads that execute code on download.
- incident-review
Hugging Face Security Incidents: Malicious Models and Token Theft
A review of documented security incidents on the Hugging Face platform, including malicious model uploads, the 2024 Spaces infrastructure breach, and the
- advisory
Model File Format Flaws: Pickle, ONNX, and SafeTensors
Unsafe deserialization in PyTorch's pickle-based format has enabled malicious model distribution for years. This post explains how pickle exploitation
- disclosure
AI Security: Attack Categories, Defense Gaps, and How to Respond
A practitioner guide to the four core attack categories against AI/ML systems — from adversarial inputs to supply chain compromise — with mitigation
- digest
Weekly AI Security Digest — May Week 2, 2026
Top five AI security developments from May 5-9, 2026: CISA guidance on AI in critical infrastructure, new prompt injection research, LLM supply chain
- cve-roundup
AI/ML CVE Roundup: May 2026 — What Got Patched
A summary of AI and ML-adjacent CVEs disclosed in early–mid 2026 across model serving frameworks, LLM API gateways, agent SDKs, and ML training libraries.
- deep-dive
LLM Supply Chain Poisoning: Training Data Attacks and Backdoors
Training data poisoning and model supply chain attacks are among the hardest AI threats to detect. This post explains how they work, what public research
- cve
CVE-2026-7669: Deserialization Flaw in SGLang's Tokenizer Loader
A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure