How do I prevent AI agent supply chain attacks?
AI agent supply chain attacks compromise the tools, libraries, models, or data sources that agents depend on — injecting malicious behavior through trusted dependencies rather than attacking the agent directly.
Attack vectors in the AI agent supply chain:
- Compromised MCP servers: A third-party tool server is updated with malicious tool descriptions that manipulate agent behavior
- Poisoned model weights: Fine-tuned models from public registries contain backdoors that activate on specific inputs
- Malicious Python packages: Agent framework dependencies (LangChain plugins, CrewAI tools) contain hidden code execution
- Compromised RAG data sources: External data feeds used for retrieval are poisoned with prompt injection payloads
- API endpoint hijacking: DNS poisoning or MITM attacks redirect agent API calls to attacker-controlled servers
Exogram defends against supply chain attacks at the execution boundary. Even if a compromised dependency causes the agent to propose malicious actions, the deterministic policy engine evaluates the actual action — not its origin. Gate 7 (API exfiltration) blocks calls to untrusted domains. Gate 5 (compute execution) blocks unauthorized code execution. The supply chain is untrusted. The governance layer validates everything.
Related Glossary Terms
Ready to secure your AI infrastructure?
Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.