AI Supply Chain Vulnerabilities Explode
Key Questions
What supply chain attack targeted OpenAI Codex?
Authentication tokens were stolen via a malicious codexui-android npm package in a supply chain attack on OpenAI development environments.
What is the BadBone backdoor and its impact?
BadBone is a backdoor that evades six different defenses, highlighting gaps in current AI supply chain protections.
What does the JFrog report reveal about malicious AI components?
The report notes a 451% surge in npm attacks, 495 malicious models on Hugging Face, and 53% of organizations pulling from public registries.
What sabotage was planted by a German developer?
A German developer inserted sabotage code into open-source components, underscoring risks in the AI software supply chain.
What new attacks target AI models and ecosystems?
New attacks including Symjack and AIEO poisoning have been reported alongside persistent remediation bottlenecks in AI supply chains.
OpenAI Codex authentication tokens were stolen in the codexui-android npm supply chain attack. The BadBone backdoor evades six defenses. The JFrog report records a 451% surge in npm attacks, 495 malicious models on Hugging Face, and 53% of organizations pulling from public registries. A German developer planted sabotage code. The remediation bottleneck persists. New attacks reported: the Symjack attack and AIEO poisoning. Also new: a Hugging Face RCE vulnerability that bypasses trust_remote_code=False via config injection, with 232M downloads affected.