.svg)
.png)
Of all the threats that can affect Large Language Models (LLMs), supply chain vulnerabilities are among the most insidious.
Unlike isolated security issues, supply chain vulnerabilities can compromise multiple components and systems, leading to widespread and systemic security failures. Even worse, they’re often not visible until they are exploited.
In the context of LLMs, software supply chain vulnerabilities are potential risks and weaknesses that can arise from the various components and stages involved in the development, deployment, and maintenance of these models. These vulnerabilities are an attractive target for malicious actors seeking to compromise the security, integrity, and functionality of the LLMs.
This is one of the key categories of GenAI risk defined in the OWASP Top 10 for LLMs, which advises strict security audits as a way to mitigate supply chain risks (more on this later).
These vulnerabilities can be internal or external in origin. Addressing both types is essential to building a comprehensive security strategy.
Internal vulnerabilities originate within an organization's own systems, processes, or in-house developed software. These vulnerabilities are under the direct control of the organization and can be managed through internal policies, secure coding practices, and regular audits.
External vulnerabilities, on the other hand, stem from third-party software, libraries, services, or components that the organization relies on but does not control directly. These require careful vendor management, regular security assessments, and robust third-party risk management practices.
Supply chain vulnerabilities can lead to significant financial losses for businesses in multiple ways:
In addition to upfront costs, vulnerabilities of this kind can also create hurdles that disrupt business functioning.
As generative AI becomes more widespread, there is a growing expectation for businesses to use it responsibly and safely. Those who fail to do this risk becoming a less attractive option for customers and partners.
Perhaps most critically, these vulnerabilities open the door to attacks with a potentially broad impact radius.
Given the novelty and variety of vulnerabilities that can impact LLMs, software supply chain risk management needs to take account of GenAI-specific threats. This means developing the ability to identify, assess and mitigate risks at every stage of the supply chain for generative AI technologies. This includes securing third-party software, ensuring data integrity, and implementing robust security practices to protect against vulnerabilities that can compromise AI models and their outputs.
LLMs are complex systems with many dependencies, each of which may provide an entry point for malicious actors. It’s perhaps unsurprising, then, that examples of supply chain attacks are not hard to find.
Recently, a leaked GitHub token was found in a binary file within a public Docker container. This token granted the administrator access to Python's essential repositories, including PyPI and CPython. If attackers had exploited it, they would have been able to insert harmful code into widely-used Python packages or the language itself, impacting millions of systems. This incident underscores the critical need for scanning both source code and binaries to prevent such vulnerabilities.
In another incident, 2 malicious npm packages were discovered using image files to hide backdoor code, demonstrating a novel method of obfuscating malicious instructions. These packages could execute remote commands by processing images containing concealed commands, allowing attackers to manipulate systems without detection. This incident highlights the evolving sophistication of supply chain attacks, emphasizing the need for robust security measures in software ecosystems.
At Lasso Security, we've uncovered significant risks associated with AI Package Hallucinations, where Large Language Models like ChatGPT suggest non-existent software packages. These hallucinations can be exploited by attackers to introduce malicious packages into the software supply chain, posing serious security threats. It's crucial to verify the authenticity of packages recommended by AI to prevent potential vulnerabilities. Our findings underscore the importance of cautious validation when integrating AI-generated suggestions into software development practices.
At the most level, addressing supply chain risk is crucial for organizations to ensure business continuity, because these attacks can interrupt normal functioning for potentially protracted periods of time. Part of this is protecting sensitive data, which is key to maintaining customer trust.
By reducing supply chain vulnerabilities, organizations can enhance their overall security posture and maintain a competitive edge in their respective markets.
Organizations must establish clear objectives from the outset. These include protecting sensitive data, ensuring the integrity of software components, and maintaining compliance with regulatory standards. To this, it’s important to identify critical assets, forecast possible threats and set achievable security targets.
The more defined these plans are, the easier it will be to focus resources effectively. Goals should also be clear: leaders should set benchmarks for what success looks like. And stakeholders from different departments should contribute to this process to make sure security objectives align with broad business goals.
You can only secure what you can see, so it’s essential to invest in a detailed inventory of components, suppliers and dependencies in the software development lifecycle (SDLC). That includes understanding T&Cs, and privacy policies. A Software Bill of Materials (SBOM) can help to make the way that different components interact with each other, and spot points that could be targets for attackers.
Software development tools like vulnerability scanners and penetration testing play a key role in finding exploitable points. OWASP also recommends strict evaluation of third-party vendors, including their internal security practices and compliance with industry standards. Another useful practice is proactively sharing threat intelligence with other organizations to mutually strengthen other businesses within the ecosystem.
Standard security controls are the essential baseline for mitigating supply chain attacks: multi-factor authentication, encryption, and access management. Incident response plans and tabletop exercises should also be a priority. These measures go beyond the confines of any individual organization: it’s vital to collaborate with third-party vendors to improve their security practices and conduct regular audits to further strengthen the supply chain.
At Lasso Security, we understand that managing supply chain vulnerabilities in the era of GenAI requires a proactive and comprehensive approach. Our solution makes it easy for organizations to identify, assess, and mitigate risks in their software supply chain. By leveraging our expertise and advanced security tools, you can safeguard your business against potential threats, protect sensitive data, and maintain regulatory compliance.
For more information on how Lasso Security can help you fortify your supply chain, schedule a call with our team.
