PromptRiskDBThreat intelligence atlas

AI Supply Chain Reputation Inflation - AI Security Technique

AI Security Technique

AI Supply Chain Reputation Inflation is the process of building or leveraging genuinely credible-looking trust signals to increase the perceived legitimacy of AI supply chain components, with the goal of driving adoption of malicious or compromised assets. Adversaries use established developer accounts with a history of legitimate projects and contributions to publish AI models, datasets, packages, and MCP servers...

Overview

A source-backed snapshot of this AI security technique.

AI Supply Chain Reputation Inflation is the process of building or leveraging genuinely credible-looking trust signals to increase the perceived legitimacy of AI supply chain components, with the goal of driving adoption of malicious or compromised assets.

Adversaries use established developer accounts with a history of legitimate projects and contributions to publish AI models, datasets, packages, and MCP servers that appear trustworthy. They build reputation through real adoption signals such as downloads, GitHub stars, forks, and inclusion in dependency chains, often releasing benign versions before introducing malicious updates via AI Supply Chain Rug Pull.

By relying on authentic history and usage patterns, these components pass both human and automated trust checks, increasing the likelihood they are adopted without scrutiny.

Tactics1Attacker goals connected to this method.
Mitigations0Defenses that may help against this attack.
AI risks1Research-backed risks connected to this topic.

Technique details

Identifiers, maturity, and source taxonomy for this technique.

ATLAS ID
AML.T0111
Maturity
demonstrated
Priority score
35
ATLAS tactics
Defense Evasion

Attack flow

How to read the public records connected to this technique.

1. TechniqueRead the ATLAS description and evidence level.
2. TacticsSee which attacker goals this method supports.
3. ExamplesCheck whether public case studies mention it.
4. DefensesReview safeguards mapped by ATLAS.
5. SourcesOpen the original public records and references.

Impact

Why this technique may deserve attention in the current dataset.

  • Evidence leveldemonstrated
  • Mapped defenses0 ATLAS mitigation records
  • Public examples1 linked case study records
  • Research risks1 related MIT AI Risk records above the confidence threshold
  • Vulnerabilities0 linked CVE records

Mitigations

Defenses that may help against this attack.

No connected defenses. No defense is connected to this attack in the current data.

Case studies

Examples from public reports and exercises.

Supply Chain Compromise via Poisoned ClawdBot Skill

A security researcher demonstrated a proof-of-concept supply chain attack using a poisoned ClawdBot Skill shared on ClawdHub, a Skill registry for agents. The poisoned Skill contained a prompt injection that caused ClawdBot to execute a shell command that reached the researcher's server. Although the researcher here used this access simply to warn users about the danger, they could have instead delivered a malicious payload and compromised the user's system. The security researcher recorded 16 different users who downloaded and executed the poisoned Skill in the first 8 hours of it being published on ClawdHub.

Date2026-01-26
exercise

Source evidence

Original public records and references for this page.