The Protection of Your Endpoint against Artificial Intelligence Supply Chain Threats

Given the recent rise of powerful open-source AI models like DeepSeek, many businesses are rushing to restrict access in line with their security policies. As AI teams increasingly turn to public repositories for advanced models like DeepSeek, security teams are under growing pressure to prevent unrestricted downloads of artifacts from untrusted sources. The central concern is clear: organizations place a high priority on trust in their AI Supply Chain.

We are delighted to announce that, effective immediately, all current users of Cisco Secure Endpoint and Email Threat Protection are protected against malicious AI Supply Chain artifacts, whether they are downloaded directly from the Hugging Face open-source repository, shared via email, or retrieved from a shared drive.

Comprehending AI Supply Chain Security

At Cisco, we have seen first-hand that while organizations may worry about AI security issues like prompt injection and jailbreaks, their first security concerns typically involve risks within the AI Supply Chain. ML teams often face a critical hurdle: security teams frequently block access to platforms such as Hugging Face, preventing the use of open-source models. This creates a difficult dilemma: the rapid pace of open-source advances means teams risk falling behind if they cannot access these models, yet security teams' concerns about harmful models causing widespread organizational problems are equally valid.

AI Supply Chain Security encompasses the strategies and actions implemented to safeguard enterprises and applications throughout the AI development and deployment lifecycle. This encompasses fortifying software stacks, training data, and third-party models against vulnerabilities and attack vectors like software flaws, deserialization issues, architectural backdoors, and data/model poisoning.

“Ensuring security in the AI supply chain goes beyond mere technicality; it forms the bedrock of confidence in technology. Organizations globally are increasingly recognizing that supply chain security is fundamental to safeguarding both AI applications and traditional systems against vulnerabilities inherited at every stage of development and production. At Cisco, we are dedicated to spearheading this effort by furnishing our clients with advanced safeguards against these emerging threats, guaranteeing that innovation does not compromise security.”

Omar Santos, Distinguished Engineer, Security & Trust at Cisco and Co-Chair of the Coalition for Secure AI

The three cornerstones of AI Supply Chain Security

1. Software Security

The software dimension of AI supply chain security tackles several pivotal areas:

  • Vulnerabilities in software libraries that could jeopardize system integrity
  • Suspect repositories, inclusive of malevolently configured repositories on platforms like Hugging Face
  • Vulnerabilities in frameworks, such as those unearthed in renowned tools like Langchain

2. Model Security

Models present distinctive security dilemmas, encompassing:

  • Malware nested within model files
  • Dependencies featuring known vulnerabilities (e.g., zlib.decompress)
  • Architectural backdoors (e.g., within Lambda layers)
  • Backdoors ingrained in model weights
  • Models exhibiting behavioral attributes contravening company policies or security standards

3. Data Security

The data element of AI supply chain security focuses on:

  • Potential contamination during training processes
  • Provenance liability: the lineage of models and datasets, i.e. where the data and the model came from
  • Legal and compliance matters linked to models or inherited from parent models and training data

Current common hurdles

Organizations confront numerous immediate challenges in fortifying their AI supply chain:

  • Manual model scanning or verification processes are unreliable for security teams
  • Model vulnerabilities can jeopardize application security and compromise enterprise security posture through arbitrary code execution or backdoors
  • Existing security methodologies frequently hinder innovation and speed of development

“Public repositories like Huggingface present a particularly intriguing dilemma as we require access to validate models we are working with, yet it also serves as an unregulated repository of potentially malevolent models. It is imperative strategically to allow access, but it is equally imperative for security to block the use of malicious models.”

Sarah Winslow, Director | PSEC Emerging Technologies & AI, Veradigm

Unveiling Secure Endpoint AI Supply Chain Protection

We are thrilled to proclaim that all active Cisco Secure Endpoint clients now receive automatic protection against malevolent AI Supply Chain artifacts sourced from Hugging Face. No additional setup is necessary. The solution boasts:

  • Automatic blocking of identified malicious files during read/write/modify operations
  • Defense against multiple threat vectors, including direct downloads and side-channel delivery (e.g., ZIP file through shared drive)
  • Configurable alert or quarantine features

Furthermore, Cisco email threat detection has been upgraded to automatically block email attachments that carry malicious AI Supply Chain artifacts.

The upgraded capabilities specifically shield against five critical threats:

  • Code Execution Vulnerabilities
  • System Command Execution Vulnerabilities
  • Networking and Remote Execution Vulnerabilities
  • Serialization and Deserialization Vulnerabilities
  • Web Interaction and User Interface Manipulation
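The Model Security list and the five threat categories above describe, in words, what a model-file scanner must detect. As an added example (not Cisco's code or scanner), the block below implements the serialization/code-execution part of that check: it walks a pickle-based artifact's opcode stream with `pickletools` without ever loading it, flags imports of modules that give code or command execution, and understands the zip layout that PyTorch `.pt`/`.pth` files use, which also covers the "ZIP file through a shared drive" delivery path. The module denylist and the sample artifacts are constructed for illustration.

```python
"""Static scan of pickle-based model artifacts for dangerous imports."""
import collections
import io
import pickle
import pickletools
import zipfile

# Constructed denylist (illustrative): importing any of these from inside a
# model file means the artifact can run code or shell commands when loaded.
DANGEROUS = {"os", "posix", "nt", "subprocess", "builtins", "sys", "socket", "shutil"}

def pickle_imports(data: bytes) -> list:
    """(module, name) pairs the stream would import, found without loading it.
    GLOBAL (protocols 0-3) carries "module name" inline; STACK_GLOBAL (protocol 4)
    takes the two most recently pushed strings. Memo reuse is not resolved."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name.endswith(("STRING", "UNICODE", "UNICODE8")):
            strings.append(arg)                      # string push opcodes
        elif op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found

def scan_artifact(blob: bytes) -> dict:
    """Scan a raw pickle, or every *.pkl inside a zip (the archive layout
    torch.save() writes for .pt/.pth). Returns {member: flagged}; {} is clean."""
    members = {"<pickle>": blob}
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            members = {n: zf.read(n) for n in zf.namelist() if n.endswith(".pkl")}
    report = {}
    for name, data in members.items():
        flagged = [g for g in pickle_imports(data) if g[0].split(".")[0] in DANGEROUS]
        if flagged:
            report[name] = flagged
    return report

def build_zip(pkl: bytes) -> bytes:
    """Wrap a pickle as model/data.pkl, mimicking a torch.save() archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pkl)
    return buf.getvalue()

# Constructed fixtures; SUSPICIOUS only references os.system (no REDUCE follows),
# so it is a detector input, not a working payload.
CLEAN = pickle.dumps(collections.OrderedDict(weights=[0.1, 0.2]), protocol=4)
SUSPICIOUS = b"\x80\x04\x8c\x02os\x94\x8c\x06system\x94\x93\x94."
```

A benign `collections.OrderedDict` import passes while the `os.system` reference is reported, whether the pickle is raw or nested inside the zip container; an allowlist of framework modules would be the natural next refinement.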

Cisco AI Threat Intelligence + Advanced Malware Protection

Threat intelligence from our AI Security Threat Research team, now part of Cisco, feeds Malware Defense (formerly known as Advanced Malware Protection, or AMP). Malware Defense has long benefitted from elite threat research and intelligence feeds from Cisco Talos.

Security threats concerning machine learning models and data formats have been scrutinized and discussed by Robust Intelligence (now part of Cisco) since 2021. We were pioneers in establishing an AI Security Threat Research Team and associated intelligence services. In 2023, we introduced AI Risk Database as an investigative tool for AI Supply Chain issues and further upgraded it before releasing it as an open source project on GitHub in collaboration with MITRE, as part of the broader array of MITRE ATLAS tools.

Anticipating the Future

This marks just the initial stage of our dedication to AI supply chain security. More initiatives are underway to shield AI systems developers against supply chain risks. As AI continuously progresses and integrates into enterprise systems, fortifying the AI supply chain becomes increasingly imperative. Organizations no longer need to compromise security for innovation with Cisco’s AI Security solutions.
