T13-AT-010 · Critical

Hardware Supply Chain

T13 · AI Supply Chain & Artifact Trust
Risk score: 260
Rating: Critical
Procedures: 10

Mechanism

Hardware supply chain attacks target the physical and firmware layer below all software defenses. A compromised GPU driver, TPU firmware, or accelerator can manipulate computations at a level that is invisible to all software-level security controls. The attack surface includes:
  • GPU driver modification (CUDA drivers execute with kernel privileges)
  • Accelerator firmware backdoors (NPU/TPU firmware is opaque binary code)
  • Hardware random number generator manipulation (affecting initialization, dropout, and stochastic training)
  • Side-channel leakage through hardware timing, power, or electromagnetic emanation
  • Hardware trojan insertion during chip fabrication

Detection
  • Firmware integrity verification against vendor-signed baselines
  • Hardware attestation using TPM (Trusted Platform Module)
  • Side-channel monitoring: detect anomalous power consumption or electromagnetic emissions during computation
  • Supply chain tracking: maintain chain-of-custody for AI hardware from manufacture to deployment

Mitigation
  • Hardware attestation and secure boot (HIGH)
  • Vendor-diversified hardware procurement (MEDIUM)
  • Confidential computing with hardware TEEs (MEDIUM)
  • Physical security for AI hardware facilities (HIGH)

Chaining

Hardware supply chain attacks undermine all other defenses and therefore chain to every technique by removing the security guarantees that other mitigations depend on. GPU driver backdoors (T13-AP-010A) make T13-AT-006 (Checkpoint Poisoning) mitigations irrelevant.
