What is OWASP LLM03 (2025) Supply Chain?
LLM supply chain risk is everything you did not build yourself: base models, fine-tunes, embedding providers, plugins, and agent tool servers. A compromised or silently updated dependency can change behavior overnight.
What this looks like in production
A poisoned PyPI package in your inference layer, a typosquatted MCP server, or a model version bump that removes a safety behavior you assumed was still there. You ship the integration; you own the blast radius.
What teams usually do about it
- Maintain an AI-BOM and pin versions you actually tested.
- Verify provenance before production and after every upstream update.
- Vet third-party tools with the same rigor as production code dependencies.
Further reading on Giskard