OWASP LLM03 (2025) Supply Chain

What is OWASP LLM03 (2025) Supply Chain?

LLM supply chain risk is everything you did not build yourself: base models, fine-tunes, embedding providers, plugins, and agent tool servers. A compromised or silently updated dependency can change behavior overnight.

What this looks like in production

A poisoned PyPI package in your inference layer, a typosquatted MCP server, or a model version bump that removes a safety behavior you assumed was still there. You ship the integration; you own the blast radius.

What teams usually do about it

  • Maintain an AI-BOM and pin versions you actually tested.
  • Verify provenance before production and after every upstream update.
  • Vet third-party tools with the same rigor as production code dependencies.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox