Securing the AI Supply Chain Before Your Vendors Become Your Weakest Link

Every organization now relies on vendors, and every vendor is racing to bolt AI capabilities onto their platforms. While this unlocks new functionality, it also introduces a new and poorly understood supply chain risk surface. When a vendor integrates an AI component that comes with embedding models, vector databases, agentic frameworks and large language models, often sourced from multiple third-party providers, your organization inherits those risks whether you realize it or not.

This talk breaks down the risks in the AI supply chain into practical scenarios and accessible layers: embedding models, vector DBs, orchestration frameworks, and LLMs. We’ll examine the unique risks introduced at each layer, including data leakage, model poisoning, insecure retrieval pipelines, and opaque third-party dependencies. We will introduce the concept of an AI Bill of Materials (AI BOM) as a visibility mechanism to help organizations understand what AI components their vendors are actually using, where the data flows, and what risks are being inherited.

Finally, we’ll walk through how threat modeling can be applied to AI-enabled vendor platforms: mapping trust boundaries, identifying misuse scenarios, and prioritizing mitigations. Attendees will leave with a practical framework for evaluating vendor AI risk, questions to ask during procurement, and a repeatable approach for assessing AI supply chain exposure.
