What is a Supply Chain Attack?


A supply chain attack compromises software by targeting its dependencies, build tools, or distribution channels — injecting malicious code through trusted third-party components rather than attacking the target directly.

WHY IT MATTERS

Modern software is built on layers of dependencies. An AI agent might depend on an LLM SDK, a blockchain library, a wallet library, and dozens of transitive dependencies. Compromising any one of these compromises every application that uses it.

In crypto, supply chain attacks are particularly devastating. The Ledger Connect Kit exploit (2023) injected a wallet drainer into a widely used JavaScript library, draining funds from users across multiple dApps. The attack surface is massive — npm, pip, and cargo packages are all potential vectors.

For AI agents, the supply chain includes LLM providers (a compromised API could manipulate agent behavior), tool implementations (malicious MCP servers), framework libraries, and key management SDKs. Each dependency is a trust boundary.

HOW POLICYLAYER USES THIS

PolicyLayer defends against supply chain attacks that might compromise agent spending behavior. Even if a dependency is compromised and the agent is manipulated, PolicyLayer's independently enforced spending limits prevent unauthorized fund transfers.

FREQUENTLY ASKED QUESTIONS

How do supply chain attacks target crypto agents?
Common vectors: compromised npm packages in the agent's dependencies, malicious MCP tools, manipulated LLM provider responses, poisoned Docker base images, and compromised CI/CD pipelines that inject malicious code during builds.

How do you defend against supply chain attacks?
Lock dependency versions, audit dependencies, use reproducible builds, minimize dependency count, monitor for suspicious changes, and use defense-in-depth (spending controls protect even if the agent is compromised).

Is the LLM provider a supply chain risk?
Yes. If the LLM provider is compromised or returns manipulated responses, the agent's behavior changes. This is a form of supply chain attack specific to AI systems. Using multiple providers or local models provides redundancy.
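The defense-in-depth point above, and the "independently enforced spending limits" described under HOW POLICYLAYER USES THIS, are illustrated by the following added example (not PolicyLayer's code): a spending gate that runs outside the agent and decides each transfer request from a policy plus a ledger of already-approved transfers, so a compromised dependency that manipulates the agent still cannot drain funds. The function names, policy fields and addresses are constructed for this example.

```javascript
// Added example: a spending-policy gate kept outside the agent process.
// evaluateTransfer and the policy fields are hypothetical, not a real API.

const DAY_MS = 24 * 60 * 60 * 1000;

// Decide one transfer request against the policy and the ledger of approved
// transfers. Pure function: the verdict depends only on policy and ledger,
// never on agent-side state that a compromised dependency could alter.
function evaluateTransfer(policy, approvedLedger, request, now) {
  const { amount, to } = request;
  if (!Number.isFinite(amount) || amount <= 0) {
    return { allowed: false, reason: "invalid amount" };
  }
  if (!policy.allowedRecipients.includes(to)) {
    return { allowed: false, reason: `recipient ${to} not on allowlist` };
  }
  if (amount > policy.maxPerTransfer) {
    return { allowed: false, reason: "exceeds per-transfer limit" };
  }
  const spentToday = approvedLedger
    .filter((t) => now - t.timestamp < DAY_MS)
    .reduce((sum, t) => sum + t.amount, 0);
  if (spentToday + amount > policy.maxPerDay) {
    return { allowed: false, reason: "exceeds daily limit" };
  }
  return { allowed: true, reason: "within policy" };
}

// Constructed scenario: one legitimate payment, then a drain request to an
// unknown address (the wallet-drainer pattern), then small payments to the
// legitimate recipient that would push the day's total over the cap.
function runScenario() {
  const policy = { maxPerTransfer: 50, maxPerDay: 120, allowedRecipients: ["0xmerchant"] };
  const ledger = []; // only transfers the gate approved are recorded here
  const requests = [
    { amount: 40, to: "0xmerchant" },
    { amount: 5000, to: "0xattacker" }, // blocked: recipient not allowlisted
    { amount: 45, to: "0xmerchant" },   // allowed: day total becomes 85
    { amount: 45, to: "0xmerchant" },   // blocked: 130 would exceed 120
  ];
  const results = [];
  let now = 0;
  for (const req of requests) {
    now += 60_000; // one minute between requests
    const verdict = evaluateTransfer(policy, ledger, req, now);
    if (verdict.allowed) ledger.push({ ...req, timestamp: now });
    results.push(verdict);
  }
  return results;
}
```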

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →