AML.T0010 Realized

AI Supply Chain Compromise

This technique has been observed in real-world attacks on AI systems.

Adversaries may gain initial access to a system by compromising the unique portions of the AI supply chain. This could include [Hardware](/techniques/AML.T0010.000), [Data](/techniques/AML.T0010.002) and its annotations, parts of the AI [AI Software](/techniques/AML.T0010.001) stack, or the [Model](/techniques/AML.T0010.003) itself. In some instances the attacker will need secondary access to fully carry out an attack using compromised components of the supply chain.

Sub-techniques 6

AML.T0010.000 Hardware Feasible AML.T0010.001 AI Software Realized AML.T0010.002 Data Realized AML.T0010.003 Model Realized AML.T0010.004 Container Registry Demonstrated AML.T0010.005 AI Agent Tool Realized