What Is AI Supply Chain?
AI Supply Chain is the chain of external components an AI system depends on — foundation models, training data, libraries, APIs, and compute providers — each carrying its own security, legal, and reliability risk.
AI Supply Chain — the chain of external components an AI system depends on — foundation models, training data, libraries, APIs, and compute providers — each carrying its own security, legal, and reliability risk.
Few organisations build AI from scratch; most assemble it from third-party models, datasets, and services, inheriting whatever weaknesses those bring. Supply-chain risks include compromised or poisoned components, undisclosed licensing or data-provenance problems, and dependence on a provider that may change terms or fail. Mapping and governing these dependencies — through due diligence, contracts, and an inventory — is core to AI assurance.
Source: OWASP Top 10 for LLM Applications; NIST AI 100-1
Plain-language explanation
Few organisations build AI from scratch; most assemble it from third-party models, datasets, and services, inheriting whatever weaknesses those bring. Supply-chain risks include compromised or poisoned components, undisclosed licensing or data-provenance problems, and dependence on a provider that may change terms or fail. Mapping and governing these dependencies — through due diligence, contracts, and an inventory — is core to AI assurance.
Related terms
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →