AML.T0010
AI Supply Chain Compromise
Adversaries may gain initial access to a system by compromising the unique portions of the AI supply chain. This could include [Hardware](/techniques/AML.T0010.000), [Data](/techniques/AML.T0010.002) and its annotations, parts of the [AI Software](/techniques/AML.T0010.001) stack, or the [Model](/techniques/AML.T0010.003) itself. In some instances, the attacker will need secondary access to fully carry out an attack using compromised components of the supply chain.
3 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-24123 | bentoml: Path Traversal enables file access | bentoml | 6.5 |
| MEDIUM | CVE-2026-21851 | monai: Path Traversal enables file access | monai | 5.3 |
| UNKNOWN | CVE-2026-42248 | Ollama: silent auto-update bypasses signature check on Windows | ollama | — |
AI Threat Alert