You're a machine-learning engineer. To get the newest features, you install the nightly build of PyTorch — the most popular deep-learning framework in the world. You run the exact command the official instructions give you. No shady website, no pirated download. Just the normal command, from the normal docs.
Quietly, in the background, a package that came along for the ride starts reading files on your machine: your SSH keys, your ~/.gitconfig, the first 1,000 files in your home directory, even /etc/passwd. It bundles them up and uploads them to a server you've never heard of.
You typed nothing wrong. You ran one install command — and handed a stranger the keys to your machine.
You never installed anything malicious on purpose. The danger rode in through something you trusted and depended on — a piece of the chain of software your AI stack is built from. That chain is the supply chain, and this is what it looks like when one link is poisoned.
Supply chain risk is the danger that comes not from your code or your users, but from the third-party stuff you build on top of.