Pharos Report No.5 | Navigating Security in the Machine Learning and AI Supply Chain: What Policymakers Need to Know

Pharos Report No. 5 Navigating Security in the Machine Learning and AI Supply Chain: What Policymakers Need to Know

Artificial intelligence (AI) is increasingly embedded in critical systems across government, industry, and society. Most AI systems depend on a complex ecosystem of datasets, models, software libraries, and infrastructure sourced from multiple external actors. While this machine learning (ML) and AI supply chain enables rapid innovation through the reuse of existing components, it also introduces new and often underappreciated security risks. Vulnerabilities in widely used upstream components can propagate across many downstream systems, creating systemic exposure that is difficult to detect and contain. 

The fifth report of the Pharos Series, authored by Max Smeets, Anna Sophie den Ouden, and James Shires, examines how security risks emerge within the machine learning and AI supply chain and what can be done to mitigate them. It makes three central arguments: many of the most significant AI security risks arise before deployment; scale and reuse amplify systemic risk; and effective mitigation depends on managing, not eliminating, interdependence.

To support this analysis, the report breaks the machine learning and AI supply chain into three levels: the data level, the model level, and the deployment level. Across these levels, malicious actors exploit trust, complexity, and limited visibility. They may involve poisoning training data, substituting malicious components, embedding hidden behaviours in models, or manipulating system inputs after deployment.

For policymakers, these dynamics have important implications. AI security cannot be addressed solely through regulation focused on model behaviour and outputs, or through post-deployment oversight alone. It also requires attention to upstream dependencies, development practices, and the broader ecosystem in which AI systems are built and maintained. This includes issues such as data governance, software supply-chain security, standards for documentation and provenance, the resilience of shared infrastructure, and mechanisms that improve visibility, verification, and accountability across different stages of AI development and deployment.

“Securing the AI supply chain depends on three core principles: visibility, control, and accountability.”

The report concludes that securing AI systems requires a shift in perspective – from viewing them as standalone technical artefacts to understanding them as part of a distributed and evolving supply chain. Managing risk in this environment will require coordinated action across technical, organisational, and policy domains. The objective is not to eliminate risk entirely, but to make risks more visible, constrain their impact, and strengthen resilience throughout the broader ecosystem.

Read the full report below.

This report is a part of the Pharos Series, a series shedding light on cybersecurity and emerging technology challenges. The series aims to offer clear expert insights helping policymakers, researchers, and practitioners navigate evolving threats.

Authors

Max Smeets

Co-Director, Community Trustee

Anna Sophie den Ouden

Junior Researcher

James Shires

Co-Director, Community Trustee

Similar posts

Research & Analysis

Pharos Report No. 4 | Assessing the Impact of Ransomware Interventions and Countermeasures: A Framework

The fourth report of the Pharos Series, a joint project of Virtual Routes and Royal United Services Institute (RUSI), is authored by Max Smeets, Jamie MacColl, Sophie Williams-Dunning and Bob Herczeg.
Research & Analysis

Three insights from the latest countermeasures tracker update

We have updated the Virtual Routes Ransomware Countermeasures Tracker with over 50 new cases from the period between May and November 2025.
Research & Analysis

Apolline Rolland presents REMIT research at the 2025 Conference on International Cyber Security

At the 2025 Conference on International Cyber Security, we joined a vibrant discussion on how states, technologies, and private actors are reshaping the boundaries of espionage and governance in the digital realm, representing EU-funded REMIT project.

Thank you for signing up to our newsletter!

Thank you! RSVP received for Pharos Report No.5 | Navigating Security in the Machine Learning and AI Supply Chain: What Policymakers Need to Know

Pharos Report No.5 | Navigating Security in the Machine Learning and AI Supply Chain: What Policymakers Need to Know

Loading...

Loading…