AI's Hidden Supply Chain Risks Exposed

A new taxonomy helps organizations track AI dependencies in critical fields like healthcare and law, preventing errors from opaque data and models.

AI Research
November 21, 2025

As artificial intelligence systems become integral to high-stakes areas like healthcare, law, and transportation, their complexity often hides critical risks from end-users. Researchers Raymond K. Sheh and Karen Geappen highlight that many organizations adopt AI without fully understanding the web of data sources, models, and services that shape AI outputs, leading to potential failures in trust and safety. This gap is especially dangerous in applications where mistakes can harm public health or property, such as in medical diagnostics or legal judgments. Their work addresses the urgent need for clearer visibility into AI supply chains to prevent issues like biased decisions or system hallucinations that could have real-world consequences.

Sheh and Geappen developed a lightweight taxonomy to categorize entities in the AI supply chain, focusing on four main components: data, models, programs, and infrastructure. Each component includes specific roles, such as data creators who generate information, model hosts that provide access to AI models, and program integrators who configure systems for end-use. This approach builds on the paper's analogy to traditional supply chains, like food manufacturing, where tracking ingredients ensures safety and accountability. By identifying who contributes what, stakeholders can ask the right questions about risks, even if they lack deep AI expertise, making it easier to manage dependencies in complex systems.

The methodology involves surveying existing AI risk frameworks, such as the NIST AI Risk Management Framework, and extending them to cover the full lifecycle of AI systems. The researchers propose that entities in the supply chain be classified into roles like data aggregators, who compile datasets, and infrastructure developers, who create hardware and software platforms. For example, in a large language model used for meeting summaries, the taxonomy would trace contributions from training data sources to model hosts, helping to pinpoint where errors like hallucinations or data poisoning might originate. This systematic inventory allows organizations to apply risk controls more effectively, bridging gaps in current governance efforts.

Results from applying this taxonomy show that it illuminates previously overlooked risks, such as in web-scale datasets where data hosts and creators may be unaware their content is used in AI training. The paper cites examples like data poisoning attacks, where malicious actors exploit split-view or frontrunning methods to corrupt datasets, as documented by Carlini et al. (2024). In critical applications, such as a hospital chatbot advising doctors, the taxonomy reveals how multiple models and data sources interact, potentially leading to silent failures if a medical-specific model is unavailable. By mapping these entities, stakeholders can enforce controls, like requiring clear fallback indicators, to mitigate risks and improve system reliability.
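The inventory idea above can be sketched as a small audit over the hospital chatbot scenario. This is an added example, not code from the paper or its authors: the role names cover only the roles this article mentions, and every entity name and field (`fallback_for`, `indicates_fallback`) is a hypothetical assumption.

```python
from dataclasses import dataclass

# Component -> roles, limited to the roles this article names (not the paper's full list).
ROLES = {
    "data": {"creator", "aggregator", "host"},
    "model": {"host"},
    "program": {"integrator"},
    "infrastructure": {"developer"},
}

@dataclass(frozen=True)
class Entity:
    name: str                         # supplier or system, as recorded by the organization
    component: str                    # one of the four components
    role: str                         # role within that component
    fallback_for: str = ""            # entity this one stands in for when it is unavailable
    indicates_fallback: bool = False  # is the end-user told that the fallback answered?

def audit(inventory):
    """Return sorted findings: unknown roles, silent fallbacks, roles with no entity."""
    findings, seen = [], set()
    for e in inventory:
        if e.role not in ROLES.get(e.component, set()):
            findings.append(f"unknown role: {e.component}/{e.role} ({e.name})")
            continue
        seen.add((e.component, e.role))
        if e.fallback_for and not e.indicates_fallback:
            findings.append(f"silent fallback: {e.name} replaces {e.fallback_for}")
    for component, roles in ROLES.items():
        for role in roles:
            if (component, role) not in seen:
                findings.append(f"no entity identified: {component}/{role}")
    return sorted(findings)

# Constructed inventory for the hospital chatbot scenario; all names are hypothetical.
CHATBOT = [
    Entity("clinical-notes-corpus", "data", "aggregator"),
    Entity("web-crawl-mirror", "data", "host"),
    Entity("medical-llm-api", "model", "host"),
    Entity("general-llm-api", "model", "host", fallback_for="medical-llm-api"),
    Entity("hospital-it", "program", "integrator"),
    Entity("cloud-gpu-platform", "infrastructure", "developer"),
]

if __name__ == "__main__":
    for finding in audit(CHATBOT):
        print(finding)
```

On the constructed inventory the audit reports the unidentified data creators and the general-purpose model that would answer in place of the medical one without telling the doctor.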

The implications of this research are significant for real-world applications, where AI systems are increasingly deployed without proper oversight. For instance, in legal professions, lack of supply chain visibility has led to problems with AI-generated outputs, as noted in cases by Green, Sheh, and Heaney (2025). By using the taxonomy, organizations can better assess fit-for-purpose, such as ensuring datasets in healthcare AI are free from synthetic data that might degrade model performance over time. This proactive approach fosters trust and enables end-users to make informed decisions, similar to how food labels help consumers avoid allergens, ultimately supporting safer AI integration in society.

However, the taxonomy has limitations, as it does not address all AI risks, such as algorithmic bias or specific model performance issues, focusing instead on supply chain visibility. The paper acknowledges that future work is needed to evaluate its effectiveness in real-world scenarios and integrate it with emerging frameworks like AI Bills of Materials. Additionally, the rapid evolution of AI systems means that new entity types may emerge, requiring updates to the taxonomy. Despite these constraints, the research provides a foundational step toward comprehensive AI risk management, emphasizing the need for ongoing collaboration among researchers, developers, and end-users.

Original source: the complete research paper is available on arXiv.

About the Author

Guilherme A.

Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.
