Why it matters

Supply chain attacks are rising. LLMs have unique chain (model weights, datasets). Understanding shapes defense.

Advertisement

The architecture

Model provenance: verify hashes + signatures.

Data provenance: audit training data.

Deps: pin + scan.

LLM supply chainModel provenancehash + sigData provenanceaudit + sourcesDepspin + scanSLSA + SBOM for LLM: catalog model + data + libs
Supply chain.
Advertisement

How it works end to end

Model hashes: verify on load.

SBOM: catalog + monitor.

SLSA levels: build integrity.

Dep scanning: Trivy, Snyk.