Slide 5 of 29
Part 1 · What Is It?
Slide 5 · The Component Map
Six kinds of links in the chain.
A normal app supply chain is mostly packages. An AI supply chain adds five more layers — each its own attack surface.
📦 Packages & libraries
The pip/npm dependencies your code imports — PyTorch, transformers, a gateway library. Where torchtriton lived.
🧠 Pre-trained models
The base model you download from a hub. A binary black box you can't easily read — it could hide a backdoor.
🧩 Adapters (LoRA) & fine-tunes
Small add-on files that re-shape a base model's behavior. Tiny, easy to share — and easy to poison.
📚 Datasets
Public training and fine-tuning data. If an attacker can edit it, they can plant behavior before the model even exists.
🔌 Plugins & tools
Third-party extensions and connectors your agent can call. Each one runs with your app's trust.
☁️ Infrastructure
The hosting, shared GPUs, build pipelines (CI/CD), and edge devices the whole thing runs on.
Why This Slide Matters

Every type of attack in Part 2 targets one of these six links. Keep this map in your head — the rest of the lesson hangs on it.
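As an added example (not part of the slide deck), here is a small Python check that walks a manifest covering the six links above and reports which ones are unpinned, missing on disk, changed since they were pinned, or shipped in an opaque serialized format. The manifest schema, the link kind names, the file paths and the sample artifacts are all constructed for the demo; infrastructure links are assumed to be pinned by an image digest or IaC commit rather than a local file.

```python
"""Check an AI supply-chain manifest against what is actually on disk.

Every link kind from the component map (package, model, adapter, dataset,
plugin, infrastructure) gets one entry.  The schema is an assumption made
for this example, not a standard format.
"""
import hashlib
import json
import os
import tempfile

# The six link kinds from the component map (names assumed for this demo).
LINK_KINDS = ("package", "model", "adapter", "dataset", "plugin", "infrastructure")
# Formats whose contents can be inspected without executing them (assumption).
INSPECTABLE_MODEL_SUFFIXES = (".safetensors",)


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_manifest(manifest, root):
    """Return a list of (kind, name, problem) findings for each link entry."""
    findings = []
    for entry in manifest["links"]:
        kind, name = entry["kind"], entry["name"]
        if kind not in LINK_KINDS:
            findings.append((kind, name, "unknown link kind"))
            continue
        digest = entry.get("sha256")
        if not digest:
            # An unpinned link can be swapped out without anyone noticing.
            findings.append((kind, name, "not pinned to a digest"))
            continue
        if kind == "infrastructure":
            # Pinned by image digest / IaC commit; nothing local to hash here.
            continue
        path = os.path.join(root, entry["path"])
        if not os.path.isfile(path):
            findings.append((kind, name, "artifact missing"))
            continue
        if sha256_file(path) != digest:
            findings.append((kind, name, "digest mismatch"))
        if kind in ("model", "adapter") and not path.endswith(INSPECTABLE_MODEL_SUFFIXES):
            findings.append((kind, name, "opaque binary format; inspect before loading"))
    return findings


def build_sample():
    """Create constructed artifacts in a temp dir and a manifest describing them."""
    root = tempfile.mkdtemp(prefix="ai_bom_")

    def write(rel, data):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
        return sha256_file(p)

    pkg_digest = write("wheels/gateway-1.0.whl", b"constructed wheel bytes")
    model_digest = write("models/base.safetensors", b"constructed weights")
    # Overwrite the model after pinning to simulate a swapped artifact.
    write("models/base.safetensors", b"constructed weights TAMPERED")
    adapter_digest = write("adapters/lora.bin", b"constructed adapter")

    manifest = {"links": [
        {"kind": "package", "name": "gateway", "path": "wheels/gateway-1.0.whl", "sha256": pkg_digest},
        {"kind": "model", "name": "base-model", "path": "models/base.safetensors", "sha256": model_digest},
        {"kind": "adapter", "name": "lora-finance", "path": "adapters/lora.bin", "sha256": adapter_digest},
        {"kind": "dataset", "name": "public-qa", "path": "data/qa.jsonl"},  # never pinned
        {"kind": "plugin", "name": "web-search", "path": "plugins/web.py", "sha256": "0" * 64},  # not on disk
        {"kind": "infrastructure", "name": "serving-image", "sha256": "a" * 64},  # placeholder digest
    ]}
    return manifest, root


def main():
    manifest, root = build_sample()
    for kind, name, problem in check_manifest(manifest, root):
        print(json.dumps({"kind": kind, "name": name, "problem": problem}))


if __name__ == "__main__":
    main()
```

Running the demo reports four findings: the tampered model, the adapter in an opaque format, the unpinned dataset and the missing plugin; the intact package and the digest-pinned infrastructure entry are silent. Reading the output against the slide's map makes the point concrete: a review that only covers the package link would have caught none of the other four.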