Glossary term
Security
Risk introduced by third-party models, datasets, libraries, platforms, APIs, plugins, infrastructure, and vendors. Governance should evaluate provenance, licensing, security, privacy, and continuity. Third-party due diligence covers model provenance, data rights, security controls, privacy terms, subcontractors, incident notification, audit rights, and exit options.
OWASP LLM03:2025 Supply Chain addresses risks across base models, pre-trained models, datasets, and infrastructure providers.
Protect AI's Huntr platform and JFrog Security have surfaced malicious models on Hugging Face throughout 2023 and 2024.
Software Bills of Materials (SBOM) initiatives are being extended into AI Bills of Materials (AI-BOM) by CycloneDX and SPDX as of 2025.
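As an added illustration of what an AI-BOM buys a reviewer (not code from the page or from CycloneDX/SPDX), the snippet below builds a constructed CycloneDX 1.5 style record with one model and one dataset component, verifies a downloaded model artifact against the SHA-256 pinned in the BOM, and lists components that lack the hash or licence fields due diligence asks for. The model and dataset names are hypothetical.

```python
import hashlib

# Constructed sample AI-BOM in CycloneDX 1.5 JSON shape (not taken from the page).
# "machine-learning-model" and "data" are CycloneDX component types for models and datasets.
SAMPLE_AI_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {
            "type": "machine-learning-model",
            "name": "example-classifier",   # hypothetical model name
            "version": "1.0.0",
            "licenses": [{"license": {"id": "Apache-2.0"}}],
            # Hash of the constructed artifact bytes used in the check below.
            "hashes": [{"alg": "SHA-256",
                        "content": hashlib.sha256(b"model-weights-v1").hexdigest()}],
        },
        {
            "type": "data",
            "name": "example-train-set",    # hypothetical dataset with no hash or licence recorded
            "version": "2024-01",
        },
    ],
}


def verify_artifact(bom: dict, name: str, artifact: bytes) -> bool:
    """True only if the BOM pins a SHA-256 for `name` and the artifact bytes match it."""
    for comp in bom.get("components", []):
        if comp.get("name") != name:
            continue
        for h in comp.get("hashes", []):
            if h.get("alg") == "SHA-256":
                return h["content"] == hashlib.sha256(artifact).hexdigest()
    # No pinned hash for this component: treat as unverified rather than as a pass.
    return False


def due_diligence_gaps(bom: dict) -> list:
    """Return (name, missing_fields) for components without provenance hashes or licence data."""
    gaps = []
    for comp in bom.get("components", []):
        missing = [field for field in ("hashes", "licenses") if not comp.get(field)]
        if missing:
            gaps.append((comp.get("name"), missing))
    return gaps
```

A tampered or unpinned artifact fails `verify_artifact`, and `due_diligence_gaps` flags the dataset entry that carries neither a hash nor a licence.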