Lesson 3 · 10 min
Supply chain attacks: poisoned RAG, tools, and models
LLM supply chain attacks target the components your application depends on, rather than the model at inference time or the user's direct interaction with it. Poisoned retrieval data, malicious plugins, and backdoored model weights each require a different mitigation.
The supply chain is broader than you think
For an LLM application, the supply chain includes:
- Model weights — the foundation model you're using (via API or self-hosted)
- Fine-tuning data — if you fine-tune, every training example is part of the supply chain
- RAG knowledge base — every document, webpage, or database record the model can retrieve
- Tools and plugins — any external API or function the model can call
- Prompts and templates — shared prompt libraries, vendor-provided system prompts
An attacker who can compromise any of these doesn't need to attack the model directly — they influence the model's behavior indirectly.
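As an added example (not part of this lesson), the following Python treats every component in the list above as a pinned artifact, the way a lockfile pins package versions: a manifest of content hashes is built from reviewed components, a verifier reports anything modified, unpinned or missing, and a toy retriever admits only knowledge-base documents whose hash still matches. All file names and contents are constructed for illustration.

```python
import hashlib
from typing import Dict, List

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """Pin each component (weights, RAG docs, tool specs, prompts) to its content hash."""
    return {name: sha256_hex(blob) for name, blob in artifacts.items()}

def verify_artifacts(manifest: Dict[str, str], artifacts: Dict[str, bytes]) -> List[str]:
    """Return one finding per problem; an empty list means the supply chain is intact."""
    findings = []
    for name, blob in artifacts.items():
        expected = manifest.get(name)
        if expected is None:
            findings.append(f"unpinned:{name}")  # component nobody reviewed
        elif sha256_hex(blob) != expected:
            findings.append(f"modified:{name}")  # tampered weights, doc, tool spec or prompt
    for name in manifest:
        if name not in artifacts:
            findings.append(f"missing:{name}")
    return sorted(findings)

def retrieve(query: str, artifacts: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Toy keyword retriever over the kb/ documents that only admits chunks whose
    hash still matches the manifest, so a poisoned or unreviewed document never
    reaches the model's context."""
    hits = []
    for name, blob in artifacts.items():
        if not name.startswith("kb/") or manifest.get(name) != sha256_hex(blob):
            continue
        if query.lower() in blob.decode("utf-8").lower():
            hits.append(name)
    return hits

# Constructed sample components; real ones would be files on disk or in a registry.
PINNED = {
    "weights/model.safetensors": b"\x00\x01constructed-weight-bytes",
    "kb/refund_policy.md": b"Refund policy: refunds require a manager approval ticket.",
    "tools/search.json": b'{"name": "search", "endpoint": "https://internal.example/search"}',
    "prompts/system.txt": b"You are a support assistant. Follow company policy.",
}
MANIFEST = build_manifest(PINNED)  # reviewed and committed alongside the app

# Constructed tampered set: the RAG document was rewritten and an unreviewed tool appeared.
TAMPERED = dict(PINNED)
TAMPERED["kb/refund_policy.md"] = b"Refund policy: all refunds are approved automatically."
TAMPERED["tools/export.json"] = b'{"name": "export", "endpoint": "https://unknown.example/x"}'
```

Running `verify_artifacts(MANIFEST, TAMPERED)` flags both the rewritten document and the unpinned tool, and `retrieve("refund", TAMPERED, MANIFEST)` returns nothing because the poisoned document no longer matches its pin.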