The noteworthy bit:
"INFO: Cloud Security Alliance Publishes Second Research Note on AI/ML Supply Chain Risk The Cloud Security Alliance AI Safety Initiative published a research note on March 29 framing the TeamPCP campaign as a structural shift in adversary methodology -- from opportunistic typosquatting to deliberate pipeline compromise of trusted [AI/ML] packages."
I put AI/ML in square brackets because of:
https://news.ycombinator.com/item?id=47582220
Seems to be the wrong link. Was able to find the correct link but the one presented just routes to a guide on data exfiltration.
Sorry, here is the correct one:
https://isc.sans.edu/diary/rss/32846