Slide 7 of 29
Part 1 · What Is It?
Slide 7 · Who Attacks
Who poisons a supply chain — and why it's so attractive.
One poisoned link reaches thousands of downstream victims. That leverage draws a specific cast.
🎯
The Opportunist
TYPOSQUATTER / CONFUSER
Registers look-alike package and model names, or exploits dependency confusion, and waits for installs to roll in. Cheap, automated, high volume.
🥷
The Pipeline Intruder
CI/CD ATTACKER
Slips into a project's build system (a leaked token, a malicious pull request) and poisons the official release everyone trusts. See: Ultralytics.
🧬
The Model Tamperer
POISONER
Surgically edits a public model or dataset to plant a backdoor or false “fact,” then uploads it under a trustworthy-looking name. See: PoisonGPT.
💰
The Cryptojacker
RESOURCE THIEF
Doesn't want your data — wants your GPUs. Hijacks popular AI packages to mine cryptocurrency on victims' hardware.
The Common Thread

None of them attack you directly. They attack something upstream that you (and thousands of others) already trust. That's the whole point — it scales.
