AI Supply Chain Risk

AI Supply Chain Risk describes the exposure created when companies build AI systems from many external components: model providers, cloud infrastructure, data sources, embedding models, vector databases, agent tools, open-source packages, and API integrations. Unlike traditional software supply chains, AI dependencies are often dynamic. Model behavior can change, pricing can move, terms of service may shift, training data is not always transparent, and one provider outage can block an entire workflow. The risk is therefore not only a cybersecurity issue; it also affects compliance, availability, cost control, data residency, and strategic dependency. Strong risk management maps every AI dependency, ranks vendors by criticality, checks data flows, and defines fallbacks such as model routing, self-hosting, or human approval gates. This becomes especially important for agent systems, because agents can call tools autonomously and multiply hidden dependencies. AI Supply Chain Risk gives teams a practical way to see where an AI project is fragile before it scales into production.