New CISO's Expert Guide to AI Supply Chain Attacks 2025
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.
Download the full CISO’s expert guide to AI supply chain attacks here.
Remember when supply chain attacks meant stolen credentials and tampered updates? Those were simpler times. Today's reality is far more interesting and infinitely more complex.
The software supply chain has become ground zero for a new breed of attack. Think of it like this: if traditional malware is a burglar picking your lock, AI-enabled malware is a shapeshifter that studies your security guards' routines, learns their blind spots, and transforms into the cleaning crew.
Take the PyTorch incident. Attackers uploaded a malicious package called torchtriton to PyPI that masqueraded as a legitimate dependency. Within hours, it had infiltrated thousands of systems, exfiltrating sensitive data from machine learning environments. The kicker? This was still a "traditional" attack.
Fast forward to today, and we're seeing something fundamentally different. Take a look at these three recent examples:
A threat actor called NullBulge conducted supply chain attacks by weaponizing code in open-source repositories on Hugging Face and GitHub, targeting AI tools and gaming software. The group compromised the ComfyUI_LLMVISION extension on GitHub and distributed malicious code through various AI platforms, using Python-based payloads that exfiltrated data via Discord webhooks and delivered customized LockBit ransomware.
On December 2, 2024, attackers compromised a publish-access account for the @solana/web3.js npm library through a phishing campaign. They published malicious versions 1.95.6 and 1.95.7 that contained backdoor code to steal private keys and drain cryptocurrency wallets, resulting in the theft of approximately $160,000–$190,000 worth of crypto assets during a five-hour window.
The AI-powered image and video enhancement application Wondershare RepairIt exposed sensitive user data through hardcoded cloud credentials in its binary. This allowed potential attackers to modify AI models and software executables and launch supply chain attacks against customers by replacing legitimate AI models retrieved automatically by the application.
Download the CISO’s expert guide for full vendor listings and implementation steps.
Source: The Hacker News