Dependency Confusion: Supply Chain Attacks on Internal MLOps Tooling
A deep architectural breakdown of how pip resolves package namespaces and how attackers hijack internal MLOps tools via Dependency Confusion.
A deep technical analysis of the dual-track AI supply chain: mitigating index resolution vulnerabilities in Python dependencies and identifying mathematical backdoors in ML artifacts.
A deep dive into how committing configuration files leads to direct infrastructure compromise and downstream Supply Chain Attacks via PyPI.
An architectural breakdown of the late-2022 PyTorch supply chain attack, detailing pip index resolution flaws and namespace squatting.
A deep architectural breakdown of how Typosquatting exploits the pip installation lifecycle, utilizing setup.py for zero-click Remote Code Execution (RCE) during dependency resolution.