Company:
Date Published:
Author: Mallory Mooney
Word count: 1314
Language: English
Hacker News points: None

Summary

The AI ecosystem's rapid growth brings specific challenges in securing the supply chains that support AI applications, particularly the software and data artifacts involved: training datasets, pre-trained models, and third-party libraries. The text discusses how attackers exploit weaknesses in these supply chains by targeting AI-specific resources, often using tactics catalogued in MITRE's ATLAS framework. Attackers develop and stage their attacks outside the organization's visibility, which makes early detection difficult. They gain initial access by compromising supply chain components, sometimes embedding malware in AI models to take control of affected systems. The text emphasizes the need for comprehensive security measures, including maintaining visibility into supply chain artifacts and using vulnerability scanning tools to detect risks. It also highlights the importance of setting guardrails around how AI libraries and data are accessed and shared, to prevent unauthorized use. Finally, it underscores that organizations must proactively monitor AI artifacts to mitigate the risks posed by potentially vulnerable third-party packages as the AI landscape continues to evolve.