LLM03: Supply Chain
OWASP LLM Top 10 (2025)
Risk propagates from upstream models, datasets, plug-ins, and vendors.
What this risk means
Integrators inherit the risk profile of every upstream foundation model, dataset, and plug-in they consume. A weakness in a model from OpenAI or Anthropic, or in a popular open-weight checkpoint, cascades to thousands of dependent products.
How TrustAtlas dimensions address it
Dependency-chain scoring is the direct measure of upstream model risk inheritance; business stability covers vendor solvency and acquisition risk along the chain; security covers third-party audit and SBOM-equivalent disclosure.
See methodology for how each dimension is scored across the catalog.
Questions to ask vendors
Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.
- Which foundation models, fine-tunes, and open-weight checkpoints do you depend on? Provide a current model/dataset SBOM-equivalent.
- If your primary upstream model provider has a multi-day outage, what is your fallback path and how is feature parity tested?
- How are model and dataset versions pinned per customer, and what is your notification window for upstream changes?
- What is your contingency if an upstream model is deprecated or its terms change mid-contract?
Related
- Back to the full OWASP LLM Top 10 cross-walk
- NIST AI RMF cross-walk — the U.S. enterprise companion framework
- TrustAtlas methodology — how the 8 risk dimensions are scored
- Browse the vendor directory and filter by the dimensions tied to this risk