Description

As artificial intelligence systems increasingly depend on complex software pipelines, pre-trained components, and third-party artifacts, weaknesses in the software supply chain have become a direct source of model risk. Traditional application security controls are no longer sufficient for protecting AI systems.

Secure Software Supply for AI connects modern software supply chain security practices with the realities of machine learning and model deployment. Written for DevSecOps, security, and platform engineering leaders, this book explains why frameworks such as SLSA and SBOM are essential for managing AI-related risk.

This volume translates supply chain security concepts into practical steps for AI environments, focusing on how to secure model artifacts, training pipelines, dependencies, and deployment workflows. It bridges the gap between software assurance and model governance.

Key areas covered include:

How software supply chain threats impact AI models Applying SLSA principles to training and inference pipelines Building and maintaining SBOMs for model artifacts Securing dependencies, tooling, and build environments Linking supply chain controls to model risk management Evidence and controls auditors and regulators expect to see

Designed for organizations operating AI at scale, this book provides a strategic yet actionable roadmap for integrating supply chain security into AI governance, reducing exposure to tampering, integrity failures, and downstream operational risk.