AI Supply Chain and Third-Party Component Security

Tier 2 APPLICATION
ISO A.10 NIST GV-6 OWASP LLM05 OWASP ASI04

Related Templates

AI Vendor Security Evaluation Rubric

What This Requires

Maintain a comprehensive inventory of all third-party AI components in use, including foundation models, fine-tuned models, plugins, embeddings libraries, vector databases, and API integrations. Each component must be assessed for security risk, licensed appropriately, monitored for vulnerabilities, and subject to vendor due diligence before deployment.

Why It Matters

AI supply chains are uniquely vulnerable because they combine traditional software dependencies with opaque model components that can contain backdoors, biased training data, or poisoned weights undetectable through conventional code review. A compromised model downloaded from a public hub, a malicious plugin, or a vulnerable embedding library can introduce persistent threats that evade standard application security testing.

How To Implement

AI Bill of Materials (AI-BOM)

Create and maintain an AI Bill of Materials that inventories every third-party AI component: model name and version, source (vendor, open-source hub), license type, deployment location, data processing scope, and responsible team. Update the AI-BOM whenever components are added, updated, or retired.

Vendor Due Diligence

Conduct security and privacy assessments of AI vendors before onboarding. Evaluate model provenance (training data sources, fine-tuning history), security practices (vulnerability disclosure, incident response), and contractual terms (data handling, liability, indemnification). Reassess vendors annually or when significant changes occur.

Vulnerability Monitoring

Subscribe to vulnerability feeds and advisories for all AI components in the AI-BOM. Monitor model hubs, CVE databases, and AI-specific threat intelligence sources for known issues. Establish patching SLAs: critical vulnerabilities within 72 hours, high within 2 weeks, medium within 30 days.

Component Isolation and Testing

Deploy third-party AI components in sandboxed environments with network segmentation and limited permissions. Conduct security testing (static analysis, behavioral testing, adversarial probing) on new components before production deployment. Require approval from the security team for any component that processes confidential data.

Evidence & Audit

  • AI Bill of Materials with complete component inventory
  • Vendor due diligence assessment reports
  • License compliance records for all AI components
  • Vulnerability monitoring subscription records and alert logs
  • Patching records showing SLA compliance for identified vulnerabilities
  • Sandbox and isolation architecture documentation
  • Pre-deployment security testing reports for third-party components
  • Annual vendor reassessment records

Related Controls

AI Asset Inventory AI Vendor Security Evaluation Agent and Plugin Permission Governance