To ensure that our most advanced systems do not become our Achilles’ heel, securing AI supply chains must be a focus for both users and policymakers.

Software supply chain incidents show how attacking critical systems can scale disruption.

In 2025, the ‘Shai-Hulud’ compromise – named after the unseen sandworms traveling beneath the desert of Arrakis in the novel Dune – tore through a public registry where developers publish and download reusable components of code. By compromising just a handful of widely used packages, attackers gained access to thousands of downstream projects, using routine updates to distribute the attack at scale. It is akin to compromising a trusted warehouse of standard bolts from a reputable supplier. What if the bolts were swapped for defective ones? Every product built with them would inherit the flawed bolts.

This attack alone has compromised up to 25,000 projects to date. That is what makes supply chain compromise a strategically attractive attack vector: it offers both access and scale by attacking the implicitly trusted dependency rather than the defended system itself. As a result, the extent of the damage can be large before defenders even know where to look.
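The "defective bolts" mechanism above, and the first check a defender would run, as an added example that is not part of the original article: a small audit of an npm-style lockfile (the `lockfileVersion` 3 layout, where entries are keyed as `node_modules/<name>`) against a list of known-compromised package versions. The package names, versions, integrity strings and advisory entries are constructed for illustration. Beyond flagging a direct match, it traces the dependency chain from the application root to each hit and counts how many packages transitively inherit it, which is the "scale" the text describes.

```python
"""Added example, not from the article: audit a lockfile against a constructed
advisory of compromised package versions and measure the transitive blast radius.
All package names, versions, hashes and advisory entries are constructed."""
import json
from collections import deque

# Constructed advisory: package name -> set of compromised versions (hypothetical).
COMPROMISED = {
    "left-widget": {"4.2.1"},
    "color-tools": {"1.0.9", "1.1.0"},
}

# Constructed package-lock.json (lockfileVersion 3 layout) for a sample application.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"web-kit": "^2.0.0", "safe-lib": "^0.4.0"}},
        "node_modules/web-kit": {"version": "2.3.0", "integrity": "sha512-AAAA",
                                 "dependencies": {"left-widget": "^4.0.0"}},
        "node_modules/left-widget": {"version": "4.2.1", "integrity": "sha512-BBBB",
                                     "dependencies": {"color-tools": "^1.0.0"}},
        "node_modules/color-tools": {"version": "1.0.9"},  # no integrity hash recorded
        "node_modules/safe-lib": {"version": "0.4.0", "integrity": "sha512-CCCC"},
    },
})


def parse_lockfile(text):
    """Return {name: {version, integrity, deps}} plus the root's direct dependencies."""
    data = json.loads(text)
    packages = data.get("packages", {})
    root_deps = list(packages.get("", {}).get("dependencies", {}).keys())
    pkgs = {}
    for path, meta in packages.items():
        if path == "":
            continue
        name = path.split("node_modules/")[-1]  # last segment handles nested installs
        pkgs[name] = {
            "version": meta.get("version"),
            "integrity": meta.get("integrity"),
            "deps": list(meta.get("dependencies", {}).keys()),
        }
    return pkgs, root_deps


def find_compromised(pkgs, advisory=COMPROMISED):
    """Names of packages pinned to a version listed in the advisory."""
    return sorted(n for n, m in pkgs.items() if m["version"] in advisory.get(n, set()))


def missing_integrity(pkgs):
    """Packages whose lockfile entry carries no integrity hash (cannot be verified on install)."""
    return sorted(n for n, m in pkgs.items() if not m["integrity"])


def dependency_chain(pkgs, root_deps, target):
    """Shortest path of package names from the root's direct deps to `target`, or None."""
    parent = {d: None for d in root_deps}
    queue = deque(root_deps)
    while queue:
        cur = queue.popleft()
        if cur == target:
            chain = []
            while cur is not None:
                chain.append(cur)
                cur = parent[cur]
            return list(reversed(chain))
        for dep in pkgs.get(cur, {}).get("deps", []):
            if dep not in parent:
                parent[dep] = cur
                queue.append(dep)
    return None


def dependents(pkgs, target):
    """Every package that transitively depends on `target` (the blast radius)."""
    reverse = {}
    for name, meta in pkgs.items():
        for dep in meta["deps"]:
            reverse.setdefault(dep, set()).add(name)
    seen, queue = set(), deque([target])
    while queue:
        for up in reverse.get(queue.popleft(), ()):
            if up not in seen:
                seen.add(up)
                queue.append(up)
    return sorted(seen)


def audit(text, advisory=COMPROMISED):
    """Full report: compromised hits with their chain and dependents, plus unverifiable entries."""
    pkgs, root_deps = parse_lockfile(text)
    hits = {
        name: {"chain": dependency_chain(pkgs, root_deps, name), "dependents": dependents(pkgs, name)}
        for name in find_compromised(pkgs, advisory)
    }
    return {"compromised": hits, "missing_integrity": missing_integrity(pkgs)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_LOCKFILE), indent=2))
```

The report shows that `color-tools`, which the application never asked for directly, is reached through two layers of trusted packages and is also the one entry with no integrity hash, so a swapped artifact would install without complaint. A real pipeline would feed the advisory from a vulnerability database rather than a hard-coded dictionary, and would block builds whose lockfile contains hits or unverifiable entries.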
