RUNLOCALAI · v38
Independently operated catalog for local-AI hardware and software. Hand-written verdicts. Source-cited claims. Reproducible commands when we have them.

OP·Fredoline Eruo
© 2026 runlocalai.co · Independently operated

Security and Privacy for Local AI

11. Supply Chain Risks

Chapter 11 of 16 · 20 min
KEY INSIGHT

Supply chain security is trust management. Every library you import, every API you call, every model you load is a trust decision. Minimize dependencies, verify sources, and assume any component can be compromised.

AI supply chain risk extends beyond models to training data, inference libraries, serving infrastructure, and third-party integrations. Each of these components is a potential point of compromise.

Supply chain attack vectors:

Dependency compromise targets package registries and their clients (PyPI, npm, pip). Attackers publish malicious packages whose names are near-identical to popular libraries (typosquatting). For AI stacks, the impersonated names include torch, transformers, langchain, and vector database clients.

Model poisoning corrupts training data or fine-tuning weights. Attackers insert backdoor triggers: specific inputs that cause unexpected behavior while the model behaves normally on everything else.

Infrastructure tampering modifies serving software. A compromised Ollama build could exfiltrate prompts to attacker-controlled servers.

Third-party API compromise affects services your AI calls. If a RAG system queries external APIs, those APIs are part of your supply chain.

Defensive measures:

Pin dependency versions:

# requirements.txt with pinned versions
torch==2.2.0
transformers==4.38.0
sentence-transformers==2.3.1
langchain==0.1.6
chromadb==0.4.22

# Verify hashes: once any line carries --hash, pip switches to hash-checking
# mode and refuses to install a requirement that lacks one, so hash every
# line (pip-compile --generate-hashes from pip-tools produces them).
torch==2.2.0 --hash=sha256:abc123...
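As an added example (not code from this course), the script below audits a requirements.txt against the rules in this section and the dependency-compromise vector above: every entry must be pinned with ==, names that closely resemble the libraries named earlier are flagged as possible typosquats, and hashes must be present on all entries or none. The sample input, the 0.85 similarity threshold and the zero-filled sha256 value are constructed; real hashes come from the package index.

```python
import re
from difflib import SequenceMatcher

# Libraries the chapter names as impersonation targets; extend for your stack.
TRUSTED_NAMES = {"torch", "transformers", "sentence-transformers",
                 "langchain", "chromadb", "numpy", "requests"}
# Single-line requirement entries only (name, optional operator, version).
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def audit_requirements(text: str) -> list[str]:
    """Return findings: unpinned entries, lookalike names, partial --hash use."""
    findings, entries = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or pip option line such as -r
        m = REQ_RE.match(line)
        if not m:
            findings.append(f"unparseable line: {raw!r}")
            continue
        name, op, version = m.group(1).lower(), m.group(2), m.group(3)
        entries.append((name, "--hash=sha256:" in line))
        if op != "==" or not version:
            findings.append(f"{name}: not pinned to an exact version")
        if name not in TRUSTED_NAMES:
            for known in sorted(TRUSTED_NAMES):
                # Near-identical names are the typosquatting pattern described
                # above; 0.85 is a constructed threshold, tune it for your list.
                if SequenceMatcher(None, name, known).ratio() >= 0.85:
                    findings.append(f"{name}: resembles {known} (possible typosquat)")
    # pip enters hash-checking mode as soon as one entry carries --hash and
    # then refuses to install any entry without one, so flag a partial set.
    missing = [n for n, hashed in entries if not hashed]
    if len(missing) not in (0, len(entries)):
        findings.append("hash-checking is all-or-nothing; no hash for: " + ", ".join(missing))
    return findings


# Constructed sample (not a real deployment); the sha256 value is a dummy.
SAMPLE = "\n".join([
    "torch==2.2.0 --hash=sha256:" + "0" * 64,
    "transformers>=4.38.0",
    "langchain==0.1.6",
    "chromadb",
    "requets==2.31.0",
])

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(finding)
```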

Verify build reproducibility:

# For source-built dependencies, verify that your build from source matches the known hash
# Use reproducible build tooling (reproducible-builds.org)

# For containers, verify image signatures (Sigstore keyless signing).
# Do not use ".*" as the identity regex: it accepts any identity from that
# issuer, so the check only proves that some GitHub Actions workflow signed
# the image. Replace the placeholder with the publisher's actual workflow
# identity, and prefer verifying and pulling by @sha256 digest so the tag
# cannot move between the verify step and the pull.
cosign verify \
    --certificate-identity-regex="^https://github\.com/<publisher-org>/<repo>/" \
    --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
    ollama/ollama:latest

Isolate third-party integrations:

# Sandboxed API calls in RAG systems
import json
import subprocess

def query_external_api(query: str, api_url: str) -> str:
    # Serialize with json.dumps: building the body with an f-string lets a
    # query containing quotes or braces corrupt or rewrite the JSON document.
    body = json.dumps({"query": query})
    result = subprocess.run(
        ["curl", "-s", "--fail", "-X", "POST", api_url,
         "-H", "Content-Type: application/json",
         "-d", body],
        capture_output=True,
        timeout=5,      # raises subprocess.TimeoutExpired on a hung endpoint
        check=True,     # raises CalledProcessError on curl or HTTP failure
        # Network namespace isolation (requires root): launch this helper in a
        # separate namespace or container that can reach only api_url, so a
        # compromised endpoint cannot be used to reach local services.
    )
    return result.stdout.decode()

Local verification checkpoint

Run the smallest example from this chapter in a local workspace and record the package version, runtime, data path, and observed output. If the result depends on model size, vector count, CPU/GPU backend, or available memory, note that constraint beside the exercise so the lesson remains reproducible.

EXERCISE

Run pip list or npm list on your AI deployment. Identify any dependencies older than 12 months. For each outdated dependency, research known CVEs and create an update plan.

← Chapter 10: Model Provenance
Chapter 12: GDPR Compliance →