The podcast explores the unique security challenges posed by AI supply chains, emphasizing how they differ from traditional software supply chains. Unlike deterministic software systems, AI models produce probabilistic outputs, and their control and data planes are intertwined - meaning inputs can influence both behavior and execution. This convergence complicates security, as external data sources, user prompts, and training inputs all shape model behavior, blurring the boundaries between instruction and data.
Key vulnerabilities are discussed across the AI lifecycle, from pre-training to deployment. Risks include data poisoning, malicious datasets, and undetectable backdoors introduced during training or fine-tuning. The use of third-party data, model weights, and frameworks like Hugging Face introduces supply chain risks, while quantization and compression techniques can unexpectedly expose models to attacks. Security measures such as model signing, attestation, and AI-specific bills of materials (BOMs) are explored, alongside transparency initiatives like data cards, model cards, and system cards that document training data, intended use, and system architecture. However, challenges remain in verifying training data provenance, ensuring model reproducibility, and detecting malicious intent in AI behavior, especially as models gain capabilities in code generation, tool use, and autonomous reasoning.