Adversaries tamper with training data, weights, GPU firmware and operating systems, cloud orchestration, or ML libraries in the provider pipeline, embedding manipulations that are difficult to detect downstream of the LLM gateway.
AI/ML / Multi Agent Refarch / Threats / DEV
Model supply-chain tampering
CCC.MARefArc.TH20
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP14 | Approved-model registry and lifecycle | Catalog of approved models with metadata, version information, configuration parameters, and usage constraints, ensuring agents access only models meeting organizational, regulatory, and security standards. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN05 | Legal and Contractual Frameworks for AI Systems | Establish contractual controls with model and MCP service providers covering data handling, retention and deletion, intellectual property, liability, and supply-chain integrity. |
| CCC.MARefArc.CN08 | Role-Based Access Control for AI Data | Enforce least-privilege, role-based access control over all AI data stores, including source bases, the vector store, and model artifacts. |
| CCC.MARefArc.CN13 | MCP Server Security Governance | Govern the onboarding, verification, and ongoing monitoring of MCP servers so that only approved, integrity-verified servers are reachable, and supply-chain compromise is detected. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-008-01 | |
| air-vec | AIR-SEC-008-02 | |
| air-vec | AIR-SEC-008-03 |