Slide 6 of 29 · Part 1 · What Is It?
Slide 6 · The Outcomes
When a link breaks, what actually happens?
Supply chain attacks don't have one signature outcome — they inherit whatever the poisoned component could do.
💻 Code execution on your machines
A poisoned package or model file runs attacker code the moment it loads — reverse shells, miners, the works (torchtriton, Ultralytics).
🔑 Credential & data theft
SSH keys, API tokens, environment secrets, and source code exfiltrated to the attacker.
🎭 Silently altered model behavior
A backdoored or poisoned model gives normal answers — until a trigger flips it to lie, leak, or misbehave.
📡 Blast radius across every user
Because the bad link sits under the whole app, one compromise can hit every customer at once.
⚖️ Legal & licensing fallout
A model or dataset under the wrong license can poison your right to ship — a non-obvious supply chain risk OWASP calls out explicitly.
The Scary Part

Most of these happen before you notice. The torchtriton victims had no error, no crash — just a slightly different package that worked fine while it stole from them.
