📄 Chinese Summary
Modern AI systems depend on hundreds of third-party libraries, APIs and data sources. A single compromised dependency can give an attacker root access to the inference pipeline, training data or customer queries. The 2020 SolarWinds incident affected 18,000 organizations, and the 2023 3CX incident infected 30,000 companies. Supply chain attacks targeting AI are only just beginning, and there are no standardized detection or remediation measures yet. Python's PyPI contains more than 400,000 packages, of which only 6 have been security-audited, leaving 99.998% of the ecosystem unreviewed. Typosquatting is rampant: package names resembling sklearn-clone, pytorch-cuda-1174 and numpy-extended have gathered large numbers of users.
📄 English Summary
Supply Chain Attacks: How Compromised Dependencies Weaponize Your Entire AI Infrastructure
Modern AI systems rely on hundreds of third-party libraries, APIs, and data sources. A single compromised dependency can provide attackers with root access to your inference pipeline, training data, or customer queries. The SolarWinds breach in 2020 affected 18,000 organizations, while the 3CX breach in 2023 infected 30,000 companies. AI-specific supply chain attacks are just beginning, with no standardized detection or remediation in place. The Python Package Index (PyPI) hosts over 400,000 packages, yet only 6 have been audited for security, leaving 99.998% of the ecosystem unvetted. Typosquatting is prevalent, with package names like sklearn-clone, pytorch-cuda-1174, and numpy-extended collecting thousands of users.
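As an added example (not code from the original article), the following defender-side check scans a requirements file for names that resemble the typosquatting patterns named above, flagging a trusted name with an extra suffix, a bare import alias used as a distribution name, and near-miss spellings. The allowlist, alias table and sample requirement lines are constructed assumptions, not a reference list.

```python
"""Heuristic typosquat check for a Python requirements file (added example)."""
import re

# Constructed allowlist; a real deployment would derive it from a reviewed lockfile.
KNOWN = {"numpy", "scipy", "scikit-learn", "pandas", "torch", "transformers", "requests"}
# Import/brand names commonly confused with the real distribution name (assumption).
ALIASES = {"sklearn": "scikit-learn", "pytorch": "torch"}

# Constructed sample input mixing legitimate pins with lookalike names.
SAMPLE_REQUIREMENTS = [
    "numpy==1.26.4", "scikit-learn==1.4.2", "torch>=2.2", "requests  # http client",
    "sklearn-clone==0.1", "pytorch-cuda-1174==1.0", "numpy-extended==2.0",
    "nunpy==1.0", "sklearn==0.0", "-r base.txt", "",
]

def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def levenshtein(a, b):
    """Plain edit distance; used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirement(line):
    """Return the normalised distribution name from a requirements line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):          # blank, comment or pip option
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return normalize(m.group(1)) if m else None

def flag_suspicious(lines):
    """Return (name, lookalike, reason) for names that resemble but are not trusted packages."""
    findings = []
    for raw in lines:
        name = parse_requirement(raw)
        if name is None or name in KNOWN:
            continue
        tokens = name.split("-")
        head = ALIASES.get(tokens[0], tokens[0])
        if head in KNOWN:                          # e.g. numpy-extended, sklearn
            reason = "alias of trusted name" if len(tokens) == 1 else "trusted name with extra suffix"
            findings.append((name, head, reason))
            continue
        for known in sorted(KNOWN):                # e.g. nunpy; short names may false-positive
            if levenshtein(name, known) <= 2:
                findings.append((name, known, "near-miss spelling"))
                break
    return findings
```

A finding is a review prompt, not proof of malice; the expected use is to fail CI until a human confirms the package or adds it to the allowlist.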