SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain
Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang

TL;DR
This paper systematically analyzes 529 security vulnerabilities in the LLM supply chain, revealing concentration in application and model layers, root causes, and issues with patch effectiveness, highlighting key security challenges.
Contribution
It provides a comprehensive analysis of vulnerabilities across the LLM supply chain, identifying main causes and gaps in patch effectiveness, which guides future security improvements.
Findings
Vulnerabilities are mainly in application and model layers.
Improper resource control and neutralization are primary root causes.
56.7% of vulnerabilities have fixes, but 8% are ineffective.
Abstract
Large Language Models (LLMs) transform artificial intelligence, driving advancements in natural language understanding, text generation, and autonomous systems. The increasing complexity of their development and deployment introduces significant security challenges, particularly within the LLM supply chain. However, existing research primarily focuses on content safety, such as adversarial attacks, jailbreaking, and backdoor attacks, while overlooking security vulnerabilities in the underlying software systems. To address this gap, this study systematically analyzes 529 vulnerabilities reported across 75 prominent projects spanning 13 lifecycle stages. The findings show that vulnerabilities are concentrated in the application (50.3%) and model (42.7%) layers, with improper resource control (45.7%) and improper neutralization (25.1%) identified as the leading root causes. Additionally,…
Taxonomy
Topics: Information and Cyber Security · Data Quality and Management · Business Process Modeling and Analysis
