Recent research and industry developments have highlighted significant vulnerabilities in the integrity and security of AI models and their supply chains. Researchers demonstrated that inserting as few as 250 carefully crafted, poisoned documents into an AI model's training data can corrupt its outputs, causing it to generate nonsensical or manipulated responses. This attack method, tested on models up to 13 billion parameters, shows that even a small amount of malicious data can have a disproportionate impact on model behavior, raising concerns about the robustness of AI training pipelines. In parallel, new attack techniques such as the Lies-in-the-Loop (LITL) attack have been identified, where adversaries plant seemingly benign code or dependencies that only reveal malicious behavior under specific runtime conditions. These attacks are particularly insidious because they can deceive AI-powered code assistants, especially those that learn from human feedback, into approving or perpetuating unsafe code. The LITL attack demonstrates that even with human oversight, AI systems can be manipulated into executing or recommending malicious actions, undermining the trust in human-in-the-loop security models. Additionally, the rapid growth of AI model repositories like Hugging Face has introduced new supply chain risks, as models themselves can harbor hidden malware, backdoors, or payloads that activate during inference or deserialization. Security firms are now developing specialized scanners to detect such threats in AI model artifacts, recognizing that traditional software security measures are insufficient for the unique risks posed by AI models. Real-world incidents have already shown that attackers can exploit model file formats to execute arbitrary code or exfiltrate data, making the AI supply chain a lucrative target. The convergence of these threats underscores the urgent need for robust security practices in AI development, including rigorous data curation, model artifact scanning, and enhanced monitoring of AI-assisted development workflows. As AI becomes more deeply integrated into production environments, the potential impact of compromised models or manipulated code suggestions grows, threatening both data integrity and operational security. The industry is responding with new tools and collaborative research, but the evolving threat landscape requires continuous vigilance and adaptation. Organizations deploying AI must recognize that both the data used for training and the models themselves are attack surfaces. Proactive measures, such as integrating supply chain scanning and monitoring AI-human interactions, are essential to mitigate these emerging risks. The findings from recent studies and product announcements serve as a wake-up call for the broader adoption of AI-specific security controls. As adversaries become more sophisticated in targeting AI systems, defenders must stay ahead by understanding and addressing these novel attack vectors. The future of AI security will depend on the industry's ability to anticipate, detect, and neutralize threats at every stage of the AI lifecycle.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Checkmarx published analysis of a new threat in which AI systems can produce misleading or false outputs that undermine human-in-the-loop security workflows, framing it as an emerging security risk.
Malwarebytes published research describing how AI systems can be poisoned using as few as 250 malicious or low-quality documents, highlighting a practical data-poisoning risk to model behavior and outputs.
Socket announced an experimental malware-scanning capability for the Hugging Face ecosystem, marking a new defensive measure aimed at identifying malicious content in AI-related repositories and packages.
3 references tracked. Mallory keeps watching after this page renders.
malwarebytes.com
Open sourcecheckmarx.com
Open sourcesocket.dev
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.