supply chain • AI Security Wire

img of Prompt Injection via Third-Party Plugins: A Growing LLM Supply Chain Risk

Threat actors are embedding prompt injection payloads in third-party LLM plugins and data sources to hijack AI agent actions, exfiltrate data, and pivot within enterprise environments.

img of NightShade APT: State-Sponsored Group Targeting AI Training Pipelines

May 23, 2026 5 min read

Threat Actors

NightShade APT: State-Sponsored Group Targeting AI Training Pipelines

A newly attributed state-sponsored threat actor is systematically targeting AI development infrastructure to poison training datasets and embed persistent backdoors in commercially deployed models.

img of Sleeper Agents in Fine-Tuned LLMs: Backdoors That Survive Alignment

May 22, 2026 5 min read

Research

Sleeper Agents in Fine-Tuned LLMs: Backdoors That Survive Alignment

New research demonstrates that backdoor behaviours introduced into LLMs during fine-tuning can persist through subsequent safety alignment procedures, including RLHF and adversarial training, posing significant supply chain risks.

img of NIST Publishes AI RMF 2.0 with New Guidance on Adversarial Machine Learning

May 20, 2026 4 min read

News Brief

NIST Publishes AI RMF 2.0 with New Guidance on Adversarial Machine Learning

NIST has released version 2.0 of the AI Risk Management Framework, significantly expanding guidance on adversarial ML threats, model supply chain security, and AI-specific incident response. Key changes for security teams.