Table of Contents
Fetching ...

Securing the AI Supply Chain: What Can We Learn From Developer-Reported Security Issues and Solutions of AI Projects?

The Anh Nguyen, Triet Huynh Minh Le, M. Ali Babar

TL;DR

This paper addresses the gap between theoretical AI security frameworks and real-world practice by mining security-relevant discussions from Hugging Face and GitHub. It develops a pipeline combining keyword filtering and an optimal distilBERT classifier to assemble a large corpus (312,868 posts) and conducts a qualitative analysis of 753 posts to produce a fine-grained taxonomy of 32 security issues and 24 solutions across four AI-component themes: System & Software, External Tools & Ecosystem, Model, and Data. The results reveal exponential growth in security discourse, a scarcity of concrete fixes for AI-specific surfaces (Model/Data), and substantial cross-cutting effects across themes, underscoring the need for holistic security approaches and practical tools (e.g., extensions to AI Bill of Materials). The study contributes an empirical foundation, a replication package, and actionable insights to guide researchers and practitioners in securing the AI supply chain against real-world threats.

Abstract

The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known about what security issues are commonly encountered and how they are resolved in practice. This gap hinders the development of effective security measures for each component of the AI supply chain. We bridge this gap by conducting an empirical investigation of developer-reported issues and solutions, based on discussions from Hugging Face and GitHub. To identify security-related discussions, we develop a pipeline that combines keyword matching with an optimal fine-tuned distilBERT classifier, which achieved the best performance in our extensive comparison of various deep learning and large language models. This pipeline produces a dataset of 312,868 security discussions, providing insights into the security reporting practices of AI applications and projects. We conduct a thematic analysis of 753 posts sampled from our dataset and uncover a fine-grained taxonomy of 32 security issues and 24 solutions across four themes: (1) System and Software, (2) External Tools and Ecosystem, (3) Model, and (4) Data. We reveal that many security issues arise from the complex dependencies and black-box nature of AI components. Notably, challenges related to Models and Data often lack concrete solutions. Our insights can offer evidence-based guidance for developers and researchers to address real-world security threats across the AI supply chain.

Securing the AI Supply Chain: What Can We Learn From Developer-Reported Security Issues and Solutions of AI Projects?

TL;DR

This paper addresses the gap between theoretical AI security frameworks and real-world practice by mining security-relevant discussions from Hugging Face and GitHub. It develops a pipeline combining keyword filtering and an optimal distilBERT classifier to assemble a large corpus (312,868 posts) and conducts a qualitative analysis of 753 posts to produce a fine-grained taxonomy of 32 security issues and 24 solutions across four AI-component themes: System & Software, External Tools & Ecosystem, Model, and Data. The results reveal exponential growth in security discourse, a scarcity of concrete fixes for AI-specific surfaces (Model/Data), and substantial cross-cutting effects across themes, underscoring the need for holistic security approaches and practical tools (e.g., extensions to AI Bill of Materials). The study contributes an empirical foundation, a replication package, and actionable insights to guide researchers and practitioners in securing the AI supply chain against real-world threats.

Abstract

The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known about what security issues are commonly encountered and how they are resolved in practice. This gap hinders the development of effective security measures for each component of the AI supply chain. We bridge this gap by conducting an empirical investigation of developer-reported issues and solutions, based on discussions from Hugging Face and GitHub. To identify security-related discussions, we develop a pipeline that combines keyword matching with an optimal fine-tuned distilBERT classifier, which achieved the best performance in our extensive comparison of various deep learning and large language models. This pipeline produces a dataset of 312,868 security discussions, providing insights into the security reporting practices of AI applications and projects. We conduct a thematic analysis of 753 posts sampled from our dataset and uncover a fine-grained taxonomy of 32 security issues and 24 solutions across four themes: (1) System and Software, (2) External Tools and Ecosystem, (3) Model, and (4) Data. We reveal that many security issues arise from the complex dependencies and black-box nature of AI components. Notably, challenges related to Models and Data often lack concrete solutions. Our insights can offer evidence-based guidance for developers and researchers to address real-world security threats across the AI supply chain.
Paper Structure (30 sections, 6 figures, 3 tables)

This paper contains 30 sections, 6 figures, 3 tables.

Figures (6)

  • Figure 1: Research process used to answer the research questions.
  • Figure 2: An illustrative example of the coding process and theme synthesis for RQ2. The same process was applied for RQ3.
  • Figure 3: Number of AI security reports over time.
  • Figure 4: Distribution of top-5 tasks with potential security-related issues across AI domains. Note: asr - automatic speech recognition, rl - reinforcement learning.
  • Figure 5: Distribution of AI model origin types and associated security issues on Hugging Face.
  • ...and 1 more figures