How do I secure the AI/LLM supply chain?

Securing the AI/LLM supply chain involves managing risks associated with vulnerable or compromised components, including models, datasets, and plugins, by implementing controls that ensure provenance, integrity, and runtime enforcement.

To secure the AI/LLM supply chain, implement the following controls:

• Maintain an inventory of AI/agent systems (models, agents, tools, data flows) to ensure governance and track components. This aligns with NIST-MAP-1.5.
• Track provenance, licensing, and model-update risk for third-party models, datasets, and tools, including foundation-model providers, fine-tunes, and plugins. This addresses OWASP LLM03 Supply Chain and NIST-GOVERN-6.1.
• Implement admission control for skills, MCP servers, and plugins, ensuring nothing runs until it is scanned and evaluated. This includes scanning skills via skill-scanners, MCP servers via mcp-scanners, and plugins via plugin scanning flows.
• Utilize signed artifacts and vulnerability scanning for all components, including base models, fine-tunes, datasets, adapters, and third-party packages.
• Generate an AI Bill of Materials (AIBOM) to track all components and their context.
• Enforce runtime inspection of prompts, responses, and tool calls, with severity-based allow/warn/block actions to prevent risky behavior. This includes inspecting LLM traffic through guardrail flows and detecting prompt injection and sensitive-pattern risks.
• Vet MCP servers before connection and treat all MCP-sourced content as untrusted. Implement curated catalogs, code review for tool implementations, and sandboxing for marketplace components.