AI Supply Chain Reputation Inflation - AI Security Technique
AI Security TechniqueAI Supply Chain Reputation Inflation is the process of building or leveraging genuinely credible-looking trust signals to increase the perceived legitimacy of AI supply chain components, with the goal of driving adoption of malicious or compromised assets. Adversaries use established developer accounts with a history of legitimate projects and contributions to publish AI models, datasets, packages, and MCP servers...
Overview
A source-backed snapshot of this AI security technique.
AI Supply Chain Reputation Inflation is the process of building or leveraging genuinely credible-looking trust signals to increase the perceived legitimacy of AI supply chain components, with the goal of driving adoption of malicious or compromised assets.
Adversaries use established developer accounts with a history of legitimate projects and contributions to publish AI models, datasets, packages, and MCP servers that appear trustworthy. They build reputation through real adoption signals such as downloads, GitHub stars, forks, and inclusion in dependency chains, often releasing benign versions before introducing malicious updates via AI Supply Chain Rug Pull.
By relying on authentic history and usage patterns, these components pass both human and automated trust checks, increasing the likelihood they are adopted without scrutiny.
Technique details
Identifiers, maturity, and source taxonomy for this technique.
- ATLAS ID
- AML.T0111
- Maturity
- demonstrated
- Priority score
- 35
Attack flow
How to read the public records connected to this technique.
Impact
Why this technique may deserve attention in the current dataset.
- Evidence leveldemonstrated
- Mapped defenses0 ATLAS mitigation records
- Public examples1 linked case study records
- Research risks1 related MIT AI Risk records above the confidence threshold
- Vulnerabilities0 linked CVE records
Mitigations
Defenses that may help against this attack.
Case studies
Examples from public reports and exercises.
Supply Chain Compromise via Poisoned ClawdBot Skill
A security researcher demonstrated a proof-of-concept supply chain attack using a poisoned ClawdBot Skill shared on ClawdHub, a Skill registry for agents. The poisoned Skill contained a prompt injection that caused ClawdBot to execute a shell command that reached the researcher's server. Although the researcher here used this access simply to warn users about the danger, they could have instead delivered a malicious payload and compromised the user's system. The security researcher recorded 16 different users who downloaded and executed the poisoned Skill in the first 8 hours of it being published on ClawdHub.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
