Injection: LLM Supply Chain Vulnerabilities
Identifier: llm_supply_chain_vulnerabilities
Scanner(s) Support
Supported scanners: GraphQL Scanner, REST Scanner, WebApp Scanner
Description
LLM supply chain vulnerabilities arise when the components an LLM application depends on (third-party pre-trained models, training or fine-tuning datasets, model code, plugins and the serving infrastructure) can be tampered with during development or deployment. This is dangerous because a compromised or outdated component can silently change model behaviour, leading to biased or harmful outputs, security breaches such as data leakage or attacker-supplied code running in the serving environment, or outright system failures. Developers routinely pull these components from public model hubs and package registries and integrate them without verifying their provenance or integrity, so an attacker who can publish or modify an artifact upstream inherits that trust. If these issues go unaddressed, users end up relying on faulty or manipulated models, which in turn affects decision-making, privacy, and overall system reliability.
References:
- https://genai.owasp.org/llmrisk/llm05-supply-chain-vulnerabilities/
- https://owasp.org/www-project-top-10-for-large-language-model-applications/
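The check the description says is often skipped, integrity verification of third-party artifacts before they are loaded, as an added example (not the scanner's own code and not part of the original page). It pins each artifact to a SHA-256 digest recorded at review time, reports unpinned or modified files, and flags pickle-based serialization formats whose loading deserializes arbitrary objects. The manifest, file names and file contents are constructed for the example; `check_artifacts`, `sha256_file` and `demo` are hypothetical helper names.

```python
# Added example (not part of the scanner's own code): a pin-and-verify gate for
# third-party model artifacts. Manifest contents and file bytes are constructed.
import hashlib
import os
import tempfile
from typing import Dict, List, Optional

# Serialization formats that are pickle-based in common ML tooling; loading
# them deserializes arbitrary Python objects, so they need extra scrutiny.
PICKLE_BASED_SUFFIXES = (".pkl", ".pickle", ".bin", ".pt", ".pth")


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_artifacts(base_dir: str, manifest: Dict[str, Optional[str]]) -> List[str]:
    """Compare every artifact in the manifest against its pinned digest.

    manifest maps a file name (relative to base_dir) to the SHA-256 the
    application was reviewed with, or None when the team never pinned one.
    Returns human-readable findings; an empty list means every artifact is
    present, pinned and unmodified.
    """
    findings: List[str] = []
    for name, expected in manifest.items():
        path = os.path.join(base_dir, name)
        if expected is None:
            findings.append(f"{name}: no pinned digest, accepted without verification")
        elif not os.path.isfile(path):
            findings.append(f"{name}: missing from {base_dir}")
        elif sha256_file(path) != expected.lower():
            findings.append(f"{name}: digest mismatch, artifact was modified or swapped")
        if name.endswith(PICKLE_BASED_SUFFIXES):
            findings.append(f"{name}: pickle-based format, loading can execute embedded code")
    return findings


def demo() -> List[str]:
    """Build a constructed artifact directory and run the check on it."""
    with tempfile.TemporaryDirectory() as base_dir:
        tokenizer = os.path.join(base_dir, "tokenizer.json")
        weights = os.path.join(base_dir, "model.safetensors")
        with open(tokenizer, "wb") as fh:
            fh.write(b'{"model_type": "BPE"}')  # constructed content
        with open(weights, "wb") as fh:
            fh.write(b"\x00" * 64)  # constructed content, the reviewed version
        manifest = {
            "tokenizer.json": sha256_file(tokenizer),   # pinned and untouched
            "model.safetensors": sha256_file(weights),  # pinned, then tampered below
            "adapter.bin": None,                        # never pinned
        }
        # Simulate an upstream swap of the weights after the digest was pinned.
        with open(weights, "wb") as fh:
            fh.write(b"\x00" * 63 + b"\x01")
        return check_artifacts(base_dir, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running the block reports three findings: the swapped weights fail their digest, and the unpinned adapter is flagged twice, once for having no pin and once for its pickle-based format. The digest is checked on the bytes that will actually be loaded, so a mirror or cache that serves a different file from the one reviewed is caught before the model is instantiated.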
Configuration
Example
Example configuration:

```yaml
---
security_tests:
  llm_supply_chain_vulnerabilities:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    skip: false
```
Reference
assets_allowed
Type: List[AssetType]
List of assets that this check will cover.
skip
Type: boolean
Skip the test if true.