Vulnerabilities in the third-party components used to build, train, fine-tune, deploy, or run an LLM application — the pre-trained models, adapters, datasets, packages, plugins, and infrastructure. A weakness in any one link can cascade into the whole AI stack.
This risk is not about your own code or your own users. It's about everything you didn't make but still trust — downloaded, imported, or called over the network. The torchtriton package was a third-party component. So is every model you pull from a hub.
In a normal app, a bad library breaks a feature. In an AI stack, a poisoned link can sit underneath everything — the model that answers every query, the framework that loads it. One compromised dependency can quietly affect every output the system ever produces.
You are only as trustworthy as the least trustworthy thing you depend on. AI apps depend on a lot of things.
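The two trust points the passage names, packages pulled by the build and artifacts pulled from a hub, can both be gated before anything is loaded. The following is an added example, not code from the original page or from any project it mentions; the requirement lines, package names, adapter file and manifest entry are all constructed for illustration. It flags dependency lines that are not pinned to an exact version with a hash, and refuses a model artifact whose SHA-256 does not match a manifest the team recorded when it vetted the file:

```python
"""Gate third-party AI components before they are loaded (added example).

Two defender checks, both run against constructed inputs:
1. every requirement line must pin an exact version (==) and carry --hash;
2. a downloaded artifact (weights, adapter, dataset) must match the SHA-256
   recorded in a manifest that the team controls, not the hub.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass

# Matches "name==version"; anything looser (>=, ~=, bare name) is a finding.
PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>[^\s;]+)")


@dataclass(frozen=True)
class Finding:
    line: str
    problem: str


def audit_requirements(text: str) -> list[Finding]:
    """Return one Finding per weakness in a requirements-style file."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not PIN_RE.match(line):
            findings.append(Finding(line, "not pinned with =="))
        if "--hash=sha256:" not in line:
            findings.append(Finding(line, "no --hash, installer cannot verify content"))
    return findings


def verify_artifact(data: bytes, name: str, manifest: dict[str, str]) -> bool:
    """True only if `name` is in the manifest and `data` hashes to its entry."""
    expected = manifest.get(name)
    if expected is None:
        return False  # unknown artifact: never load what nobody vetted
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


# --- constructed sample inputs (hypothetical names, placeholder hash) -------
SAMPLE_REQUIREMENTS = """
# constructed sample, not a real project's file
example-ml-framework==2.1.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
example-tokenizers>=4.30
example-adapter-lib==1.2.3
"""

# Bytes standing in for a downloaded adapter; the manifest entry is what the
# team would have recorded at vetting time, stored outside the download path.
GOOD_ADAPTER = b"constructed-adapter-weights-v1"
MANIFEST = {"adapter.bin": hashlib.sha256(GOOD_ADAPTER).hexdigest()}


def run_checks() -> dict[str, object]:
    """Run both gates and report; a deployment would abort on any failure."""
    findings = audit_requirements(SAMPLE_REQUIREMENTS)
    tampered = GOOD_ADAPTER + b"\x00"  # one extra byte, as a modified file would be
    return {
        "requirement_findings": len(findings),
        "adapter_trusted": verify_artifact(GOOD_ADAPTER, "adapter.bin", MANIFEST),
        "tampered_trusted": verify_artifact(tampered, "adapter.bin", MANIFEST),
        "unlisted_trusted": verify_artifact(GOOD_ADAPTER, "unlisted.bin", MANIFEST),
    }


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"REQ  {f.problem}: {f.line}")
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

The manifest has to live somewhere the download cannot overwrite (a lockfile in the repository, a signed release note), otherwise a poisoned hub serves the new hash alongside the new file and the check proves nothing. The same gate applies to datasets and plugins; only the manifest keys change.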