Supply Chain Attack

An attack that targets the tools, libraries, datasets, or third-party components used to build or deploy an AI system, compromising it indirectly through a trusted dependency rather than attacking it directly. AI supply chains are complex and often involve open-source libraries, pre-trained models, and external data sources, each of which represents a potential vector for introducing malicious code or corrupted components.