AI Posture Check Take the Check
LLM03 · OWASP LLM Top 10

Supply Chain (LLM03)

Vulnerabilities or compromises in upstream training data, pre-trained models, third-party datasets, model marketplaces, or fine-tuning services that affect the security of the deployed system.

Examples

  • A model downloaded from a hub contains a backdoor activated by a specific trigger phrase.
  • A training dataset includes poisoned samples that cause the model to misbehave on specific topics.
  • A vendor's fine-tuning service leaks the customer's training data.

Recommended controls

  • Model provenance tracking
  • Vendor security due diligence
  • Model fingerprinting on receipt
  • Reproducible training where applicable
  • Continuous vendor monitoring

Posture Check checkpoint

Posture Check questions Q26–Q30. Score affects Vendor dimension.

Score yourself against this framework.

The AI Posture Check is a free 30-question self-assessment that maps your gaps directly to OWASP LLM Top 10, NIST AI RMF, and ISO 42001.

Take the AI Posture Check
Need help operationalizing this?

Talk to a CWS engineer about your AI security program.

Schedule a Discovery Call to scope a Standard Audit or Enterprise Program.

Schedule a Discovery Call