
LLM Supply Chain Vulnerabilities

Description

Large Language Models (LLMs) are powerful tools that can be used to generate text, code, and other content, but they are exposed to supply chain attacks. The LLM supply chain covers the training data, the ML models themselves, and the platforms they are deployed on, and weaknesses anywhere along it can compromise the integrity of any of these components. Such vulnerabilities can lead to biased outcomes, security breaches, or even complete system failures.

Remediation

To prevent supply chain vulnerabilities, it is crucial to:

  • Carefully vet data sources and suppliers, including their privacy policies and security practices.
  • Use reputable plug-ins and ensure they have been tested for your application requirements.
  • Maintain an up-to-date inventory of components using a Software Bill of Materials (SBOM).
  • Apply MLOps best practices and use secure model repositories with data, model, and experiment tracking.
  • Implement anomaly detection and adversarial robustness tests on supplied models and data.
  • Conduct thorough security testing and regularly review and audit supplier security and access.
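The SBOM and secure-repository items above are only useful if something enforces them at load time. The following added example (not code from the Escape documentation) shows one way to do that in Python: a pinned component inventory lists every model artifact with its supplier and SHA-256 digest, and a verifier compares the artifacts on disk against it before the model is loaded. It reports tampered or missing artifacts, files that are present but not pinned in the inventory, and artifacts in pickle-based formats (which run arbitrary code on deserialization). The inventory schema, the supplier name and the artifact bytes are all constructed for the example.

```python
import hashlib
import os
import tempfile

# Pickle-based serialization formats execute arbitrary code when loaded;
# a supplied model in one of these formats deserves extra scrutiny.
# (Assumption for this example: data-only formats such as safetensors are
# the approved format for supplied weights.)
PICKLE_BASED_EXTENSIONS = {".pkl", ".pickle", ".pt", ".pth"}


def is_pickle_based(filename):
    """True when the file extension indicates a pickle-based format."""
    return os.path.splitext(filename)[1].lower() in PICKLE_BASED_EXTENSIONS


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large weight files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_model_inventory(inventory, artifact_dir):
    """Compare the artifacts in artifact_dir with the pinned inventory.

    inventory (constructed schema): {"components": [{"name", "file",
    "sha256", "supplier"}, ...]}.  Returns a sorted list of (file, finding)
    tuples; an empty list means every pinned artifact is present and
    unmodified, nothing unpinned sits next to them, and no artifact uses a
    pickle-based format.
    """
    findings = []
    expected = {c["file"]: c for c in inventory["components"]}

    # 1. Every pinned artifact must exist and match its recorded digest.
    for name, component in expected.items():
        path = os.path.join(artifact_dir, name)
        if not os.path.isfile(path):
            findings.append((name, "missing_artifact"))
        elif sha256_file(path) != component["sha256"].lower():
            findings.append((name, "hash_mismatch"))

    # 2. Anything on disk that the inventory does not pin is untracked supply,
    #    and any pickle-based file is flagged regardless of pinning.
    for entry in sorted(os.listdir(artifact_dir)):
        if not os.path.isfile(os.path.join(artifact_dir, entry)):
            continue
        if is_pickle_based(entry):
            findings.append((entry, "pickle_based_format"))
        if entry not in expected:
            findings.append((entry, "unpinned_artifact"))

    return sorted(findings)


def demo():
    """Constructed scenario: one intact artifact, one tampered, one unpinned
    pickle-based file.  Returns the verifier's findings."""
    with tempfile.TemporaryDirectory() as artifact_dir:
        intact = b"constructed safetensors bytes"
        original_tokenizer = b"constructed original tokenizer"
        with open(os.path.join(artifact_dir, "model.safetensors"), "wb") as fh:
            fh.write(intact)
        with open(os.path.join(artifact_dir, "tokenizer.json"), "wb") as fh:
            fh.write(b"tokenizer modified after the inventory was pinned")
        with open(os.path.join(artifact_dir, "legacy.pt"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real checkpoint")

        inventory = {
            "components": [
                {"name": "base-model", "file": "model.safetensors",
                 "sha256": hashlib.sha256(intact).hexdigest(),
                 "supplier": "example-vendor (constructed)"},
                {"name": "tokenizer", "file": "tokenizer.json",
                 "sha256": hashlib.sha256(original_tokenizer).hexdigest(),
                 "supplier": "example-vendor (constructed)"},
            ]
        }
        return verify_model_inventory(inventory, artifact_dir)


if __name__ == "__main__":
    for file, finding in demo():
        print(f"{finding}: {file}")
```

In a real pipeline the inventory would be generated when a model is admitted to the internal repository and signed or stored out of band, so an attacker who replaces a weight file cannot also rewrite the digest; the verifier then runs as a gate in the deployment job, and any finding blocks the load rather than merely logging it.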

Configuration

Identifier: injection/llm_supply_chain_vulnerabilities

Examples

Ignore this check

checks:
  injection/llm_supply_chain_vulnerabilities:
    skip: true

Score

  • Escape Severity: HIGH

Compliance

  • OWASP: API8:2023
  • OWASP LLM: LLM05:2023
  • pci: 6.5.1
  • gdpr: Article-32
  • soc2: CC6
  • psd2: Article-95
  • iso27001: A.12.2
  • nist: SP800-53
  • fedramp: SI-3

Classification

  • CWE: 1195

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • CVSS_SCORE: 5.0

References