An Analysis of Real-World Vulnerabilities and Root Causes in the LLM Supply Chain

  • Vitor Hugo Galhardo Moia, Instituto de Pesquisas Eldorado
  • Rodrigo Duarte de Meneses, Instituto de Pesquisas Eldorado
  • Igor Jochem Sanz, Instituto de Pesquisas Eldorado

Abstract

Generative Artificial Intelligence (GenAI) libraries, and Large Language Model (LLM) libraries in particular, are increasingly foundational in modern applications, yet they exhibit evolving security vulnerabilities that call for comprehensive analysis. In this study, we analyze 719 CVEs disclosed for 93 LLM-related libraries (from 2019 to 2024), revealing that more than 37% of the libraries have at least one CVE and that an alarming 62% of the vulnerabilities are of high or critical severity, demanding immediate action. Our findings aim to inform actionable recommendations that strengthen security practices and ensure the safe deployment of GenAI technologies.

Published
01/09/2025
MOIA, Vitor Hugo Galhardo; MENESES, Rodrigo Duarte de; SANZ, Igor Jochem. An Analysis of Real-World Vulnerabilities and Root Causes in the LLM Supply Chain. In: TRILHA DE INTERAÇÃO COM A INDÚSTRIA E DE INOVAÇÃO - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 388-396. DOI: https://doi.org/10.5753/sbseg_estendido.2025.11811.