
The OWASP LLM Top 10 and Sonatype: Supply chain security
The rise of AI has unlocked unprecedented opportunities across industries, from automating tedious tasks to accelerating software development and transforming how applications are built and maintained. However, AI has also exposed critical vulnerabilities, ethical concerns, data privacy risks, and the potential for misuse or bias in decision-making processes.
As large language models (LLMs), a rapidly growing subset of AI, continue to evolve, the foundations they are built upon are increasingly targeted by attackers. These risks are no longer confined to traditional software environments. They now extend into the AI ecosystem, where the software supply chain includes everything from third-party model weights and datasets to orchestration pipelines and open source dependencies.
In 2025, the Open Worldwide Application Security Project (OWASP) Top 10 for Large Language Model Applications listed "Supply Chain" (LLM03:2025) as one of its ten risk categories. This reinforces a growing industry-wide recognition: a secure software supply chain is essential not only for conventional applications but for LLM-powered systems as well.
This blog post is the first in a four-part series exploring how Sonatype helps organizations address key OWASP LLM Top 10 categories — starting with supply chain security.
What is software supply chain security in the context of LLMs?
In traditional software development, software supply chain security focuses on identifying and managing risks across the full software development life cycle (SDLC) — from code and software dependencies to build environments and deployment infrastructure.
But in the AI space, and particularly in LLM applications, this definition expands.
According to OWASP, LLM-specific supply chain risks include:
- Use of malicious or backdoored training data and models from public repositories
- Poisoned open source dependencies used during training or inference
- A lack of visibility into the provenance and integrity of third-party assets
These software supply chain risks are amplified by the speed and complexity of modern AI development. Unlike traditional applications, LLMs often rely on opaque or unverified resources: model weights, adapters, and datasets that cannot be reviewed line by line the way source code can, making it easier for threat actors to slip harmful components into the system undetected.
The consequences of these software supply chain attacks can be severe, from biased outputs to full-scale data exfiltration or model manipulation.
Why do LLM developers need a secure software supply chain?
LLM applications are deeply reliant on external assets: Pretrained models, fine-tuning datasets, orchestration tools, and machine learning libraries. Without proper controls, it's easy for development teams to unknowingly incorporate vulnerable or malicious components.
This is why software supply chain security best practices — such as component scanning, provenance validation, and cryptographic signing — are crucial for AI development. These practices, long recommended by both OWASP and the National Institute of Standards and Technology (NIST) software supply chain security guidance, help reduce the risk of compromise while enabling faster, safer development.
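As an added illustration of the provenance validation and signing practices named above (example code written for this post, not Sonatype's product, OWASP's guidance, or NIST's), the following Python gate refuses to load model or dataset artifacts unless they match a pinned, authenticated digest manifest. The artifact bytes are constructed, and the shared HMAC key is a stand-in for a curation team's signing key; a real manifest would carry an asymmetric signature so verifiers cannot also forge manifests.

```python
"""Added example, not Sonatype's code: gate model and dataset artifacts on a
pinned, authenticated digest manifest before they are loaded."""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed: a shared HMAC key stands in for the curation team's signing key.
# Production manifests should carry an asymmetric signature (Sigstore, GPG, ...)
# so that verifiers never hold a key that can also forge manifests.
MANIFEST_KEY = b"example-manifest-key-not-for-production"

# Constructed artifact bytes standing in for downloaded weights and a dataset.
ARTIFACTS: dict[str, bytes] = {
    "weights/model.safetensors": b"\x08\x00safetensors-header-then-tensors",
    "data/finetune.jsonl": b'{"prompt": "hi", "completion": "hello"}\n',
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(pins: dict[str, str]) -> bytes:
    # Canonical JSON so signer and verifier authenticate identical bytes.
    return json.dumps(pins, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts: dict[str, bytes]) -> dict:
    """Pin every artifact path to its SHA-256 and authenticate the pin set."""
    pins = {path: sha256_hex(blob) for path, blob in artifacts.items()}
    mac = hmac.new(MANIFEST_KEY, _canonical(pins), hashlib.sha256).hexdigest()
    return {"pins": pins, "mac": mac}


def verify_artifacts(manifest: dict, artifacts: dict[str, bytes]) -> list[str]:
    """Return findings; an empty list means every artifact may be loaded.

    The manifest's MAC is checked first: if the pin set itself was altered,
    none of its digests can be trusted, so verification stops there.
    """
    expected = hmac.new(MANIFEST_KEY, _canonical(manifest["pins"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest: authentication failed, refusing all pins"]

    findings: list[str] = []
    pins = manifest["pins"]
    for path, blob in artifacts.items():
        if path not in pins:
            findings.append(f"{path}: no pin in manifest (unvetted artifact)")
        elif not hmac.compare_digest(pins[path], sha256_hex(blob)):
            findings.append(f"{path}: digest mismatch (tampered or wrong version)")
    for path in pins:
        if path not in artifacts:
            findings.append(f"{path}: pinned but missing from download")
    return findings


if __name__ == "__main__":
    manifest = build_manifest(ARTIFACTS)
    print("clean:", verify_artifacts(manifest, ARTIFACTS))
    swapped = dict(ARTIFACTS, **{"weights/model.safetensors": b"replaced weights"})
    print("tampered:", verify_artifacts(manifest, swapped))
```

Checking the manifest's authenticity before any individual digest matters: an attacker who can swap the weights can usually also edit an unauthenticated checksum file sitting next to them.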
At Sonatype, we bring proven expertise and automation to this space, enabling organizations to embed security into the entire AI development lifecycle.
How Sonatype secures the software supply chain for AI and LLMs
Sonatype's platform is purpose-built to help organizations achieve end-to-end software supply chain security. Whether you are building enterprise-grade web applications or cutting-edge LLM-powered tools, Sonatype provides automated solutions to mitigate software supply chain attacks and enforce trust at scale.
Our solutions empower developers and security teams with:
- Automated component analysis: Sonatype Lifecycle continuously monitors every open source dependency, whether Python, Java, or Rust, for known vulnerabilities, license risks, and malicious behavior. With deep policy enforcement, teams can block suspicious or outdated AI-related packages before they're ever pulled into production.
- Trusted software curation: Our world-class vulnerability research and AI-powered detection systems help identify counterfeit or backdoored components across the open source ecosystem. This is especially critical when working with pretrained LLMs or unvetted machine learning libraries.
- SBOM generation and validation: With Sonatype SBOM Manager, teams gain visibility into every component that goes into an LLM application. This lets you verify the provenance and integrity of models, dependencies, and datasets, and enables traceability when regulations or audits demand it.
- Policy-driven governance: Whether you are building an LLM-powered chatbot or integrating generative AI into customer workflows, Sonatype enables secure development at scale. Define custom rulesets to enforce version pinning, license restrictions, and trust boundaries across all ML components in your CI/CD pipeline.
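To make the policy rules in the list above concrete, here is an added example of a minimal CI gate over a pip requirements file. It is illustration code written for this post, not Sonatype Lifecycle's policy engine or configuration. The license table, the trusted index list, and the sample requirements file are all constructed for the example; a real gate would take license identifiers from a scanner or registry metadata.

```python
"""Added example, not Sonatype's code: a CI policy gate over a pip requirements
file that enforces exact pins, a license allow-list and a trusted package index."""
from __future__ import annotations

import re

# Constructed policy tables. A real gate would pull license identifiers from a
# scanner or registry metadata; this map is a stand-in for illustration.
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0"}
TRUSTED_INDEXES = {"https://pypi.org/simple", "https://packages.example.internal/simple"}
KNOWN_LICENSES = {
    "torch": "BSD-3-Clause",
    "transformers": "Apache-2.0",
    "langchain": "MIT",
    "some-gpl-tokenizer": "GPL-3.0-only",
}

# name==version, optionally followed by pip hash pins (pip-compile --generate-hashes).
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[0-9][A-Za-z0-9.+-]*)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)$"
)
INDEX_RE = re.compile(r"^--(?P<kind>index-url|extra-index-url)\s+(?P<url>\S+)$")


def check_requirements(text: str) -> list[str]:
    """Return policy violations, one string per offending logical line."""
    violations: list[str] = []
    # Join backslash continuations so "--hash" options stay with their package line.
    for lineno, raw in enumerate(text.replace("\\\n", " ").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue

        m = INDEX_RE.match(line)
        if m:
            url = m.group("url").rstrip("/")
            if m.group("kind") == "extra-index-url":
                # pip merges candidates from every extra index, so a public
                # package with the same name can shadow an internal one
                # (dependency confusion). Require a single trusted index instead.
                violations.append(f"line {lineno}: --extra-index-url widens the trust boundary: {url}")
            elif url not in TRUSTED_INDEXES:
                violations.append(f"line {lineno}: untrusted index: {url}")
            continue

        m = PIN_RE.match(line)
        if not m:
            violations.append(f"line {lineno}: not pinned to an exact version: {line}")
            continue
        name = m.group("name").lower()
        license_id = KNOWN_LICENSES.get(name)
        if license_id is None:
            violations.append(f"line {lineno}: {name}: license unknown, needs review before use")
        elif license_id not in ALLOWED_LICENSES:
            violations.append(f"line {lineno}: {name}: license {license_id} not on allow-list")
    return violations


# Constructed requirements file exercising each rule.
SAMPLE_REQUIREMENTS = f"""\
--index-url https://pypi.org/simple
--extra-index-url https://pypi.example.org/simple
torch==2.3.1
transformers>=4.40          # floating range: the resolver picks whatever is newest
langchain==0.2.1 --hash=sha256:{'a' * 64}
some-gpl-tokenizer==1.0.0
mystery-lib==0.1
"""

if __name__ == "__main__":
    for violation in check_requirements(SAMPLE_REQUIREMENTS):
        print(violation)
```

Run in CI, a non-empty result fails the build. The exact-pin rule is the weakest of the three on its own; pairing it with `--hash` pins ties each version to specific bytes, which is the same integrity property the manifest check earlier in this post gives model artifacts.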
Software supply chain security is mission-critical for AI
The OWASP Top 10 for LLMs is more than a checklist. It's a wake-up call. As LLMs power more business-critical tools and decision-making systems, securing the software supply chain behind them becomes non-negotiable.
Organizations that fail to implement supply chain hygiene risk exposing themselves to tampered models, poisoned data, or downstream vulnerabilities that are hard to detect and even harder to remediate. That's why securing the software supply chain must be a core part of every AI development strategy.
Sonatype is your partner in software supply chain security
At Sonatype, we help customers reduce software supply chain risks with trusted automation, deep visibility, and intelligent governance. Our tools enable security and development teams to work in unison, so innovation does not come at the expense of integrity.
Whether your pipeline is written in Python or Java, or built on frameworks such as PyTorch, our platform ensures that every component in your AI pipeline is trustworthy, traceable, and secure.
To dig deeper, explore our platform's capabilities for secure AI development or learn more about modern software supply chain security in our latest State of the Software Supply Chain report.

Aaron is a technical writer on Sonatype's Marketing team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they ...