---
type: Glossary Term
title: Supply Chain Attack
description: A supply chain attack is an offensive technique in which adversaries avoid hitting the target system head-on and instead compromise an upstream component of the
resource: "https://www.contextstudios.ai/glossary/supply-chain-attack"
category: security
language: en
timestamp: "2026-07-03T12:05:08.590Z"
---

# Supply Chain Attack

A supply chain attack is an offensive technique in which adversaries avoid hitting the target system head-on and instead compromise an upstream component of the software supply chain — an open-source package, a dependency, a model weight, or a build tool. Malicious code then rides the normal update or install path straight into every downstream system that trusts the compromised component. Common methods include typosquatting (packages named to mimic legitimate ones), dependency confusion (slipping a public package in place of an internal one), tampered lifecycle hooks, and backdoored models or poisoned training data. AI agents are unusually exposed here: they frequently install dependencies on their own, execute tools and MCP servers, and pull model weights from third parties without a human vetting each component. Unlike the broader notion of supply chain risk, which names the exposure, a supply chain attack is the concrete adversarial act — the active abuse of that trust relationship. Defenses lean on provenance attestations such as SLSA, pinned versions and checksums, isolated build environments, and strict egress control, so that one compromised link cannot pull down the entire chain.
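The pinned-version-and-checksum defense above, as an added example that is not code from the page or from contextstudios.ai: a small Python audit of a pip-style requirements lockfile that flags unpinned or unhashed entries, flags the `--extra-index-url` setup that enables dependency confusion, and verifies a downloaded artifact against its pinned sha256. The package name `acme-authlib`, the index URL and the artifact bytes are constructed for the example.

```python
import hashlib
import re
# Constructed sample artifacts standing in for downloaded wheels (not real packages).
LEGIT_WHEEL = b"requests-2.31.0 wheel contents (constructed sample)"
TAMPERED_WHEEL = b"requests-2.31.0 wheel plus an injected install hook (constructed sample)"
INTERNAL_PACKAGES = {"acme-authlib"}  # hypothetical names that exist only on a private index
# Constructed lockfile in pip requirements syntax; the requests hash pins the legitimate bytes.
LOCKFILE = f"""
--extra-index-url https://pypi.example.internal/simple
requests==2.31.0 --hash=sha256:{hashlib.sha256(LEGIT_WHEEL).hexdigest()}
acme-authlib==1.4.0 --hash=sha256:{'0' * 64}
numpy>=1.26
"""
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?")

def parse_lockfile(text):
    """Return (index options, requirements); each requirement has name, pinned, hashes."""
    options, reqs = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("-"):  # index options such as --index-url / --extra-index-url
            options.append(line)
        elif line:
            spec, *hash_opts = line.split(" --hash=")
            m = REQ_RE.match(spec)
            hashes = {h.split(":", 1)[1] for h in hash_opts if h.startswith("sha256:")}
            reqs.append({"name": m.group(1).lower(), "pinned": m.group(2) == "==", "hashes": hashes})
    return options, reqs

def audit_lockfile(text, internal=INTERNAL_PACKAGES):
    """List conditions under which a substituted or tampered package would still install."""
    options, reqs = parse_lockfile(text)
    findings = []
    public_fallback = any(o.startswith("--extra-index-url") for o in options)
    if public_fallback:
        findings.append("--extra-index-url lets a public package shadow a private one (dependency confusion)")
    for r in reqs:
        if not r["pinned"]:
            findings.append(f"{r['name']}: version not pinned with ==")
        if not r["hashes"]:
            findings.append(f"{r['name']}: no --hash, a tampered artifact would install unnoticed")
        if r["name"] in internal and public_fallback:
            findings.append(f"{r['name']}: internal name resolvable from a public index")
    return findings

def verify_artifact(text, name, data):
    """True only if the downloaded bytes match a sha256 pinned for that package."""
    _, reqs = parse_lockfile(text)
    pinned = {h for r in reqs if r["name"] == name.lower() for h in r["hashes"]}
    return bool(pinned) and hashlib.sha256(data).hexdigest() in pinned
```

Run `audit_lockfile(LOCKFILE)` to see the four findings for the constructed lockfile; `verify_artifact(LOCKFILE, "requests", TAMPERED_WHEEL)` returns False because the tampered bytes no longer match the pinned digest.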
