AI Supply Chain Risk — Third-Party Models & Vendors

Most organisations no longer build AI models from scratch. They rely on pre-trained foundation models, open-source libraries, third-party APIs, and cloud AI services. Each of these introduces supply chain risk — the possibility that a vulnerability, backdoor, or compromise in an upstream component affects your downstream systems.

The Dimensions of AI Supply Chain Risk

• ◆Pre-trained model risk — Open-source models downloaded from repositories like Hugging Face may contain embedded backdoors. Researchers have demonstrated this is not theoretical: poisoned models have been uploaded to public repositories and downloaded thousands of times before detection.
• ◆Dependency risk — AI frameworks (PyTorch, TensorFlow, scikit-learn) and their dependencies carry traditional software supply chain risks: malicious packages, typosquatting, compromised maintainer accounts.
• ◆Third-party data risk — Datasets sourced from external providers may be poisoned, biased, or contain content that creates legal liability.
• ◆API vendor risk — If you rely on a third-party AI API (OpenAI, Anthropic, Azure AI, Google Vertex), that vendor's security posture, uptime, and model behaviour directly affects your systems.

Third-Party AI Vendor Due Diligence

When evaluating AI vendors, go beyond the standard security questionnaire. Specific questions to ask:

• ◆Is my data used to train your models? Under what terms?
• ◆What happens to my data if I terminate the contract?
• ◆Do you hold SOC 2 Type II, ISO 27001, or equivalent certification?
• ◆What is your model update cadence — and how do you notify me when underlying model behaviour changes?
• ◆Do you conduct adversarial testing on your models before updates?
• ◆What are your data residency and sovereignty commitments?