T13-AT-011 · HIGH
Model Marketplace Attacks
T13 · AI Supply Chain & Artifact Trust
Risk score: 215
Rating: High
Procedures: 10
Severity
Mechanism
Model marketplaces (AWS Marketplace, Azure AI Gallery, Google AI Hub, Replicate, HuggingFace Spaces) serve as commercial distribution channels for AI models and applications. They add a *commerce layer* on top of model repositories: pricing, subscriptions, SLAs, and enterprise procurement workflows. The implicit security assumption, and the one this technique relies on, is that a marketplace listing implies some level of vetting.
Detection
- Independent model testing before marketplace deployment
- Marketplace account activity monitoring: detect bot-like rating patterns
- Version pinning and update review before accepting marketplace updates
- API access auditing: monitor marketplace API usage patterns
Mitigation
- Independent safety evaluation before marketplace adoption (HIGH)
- Version pinning with manual update approval (MEDIUM)
- Marketplace vendor verification programs (MEDIUM)
- Container isolation hardening for marketplace hosting (HIGH)
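The version-pinning control listed under Detection and Mitigation can be enforced in the deployment pipeline. The following is an added illustration, not code from the original entry; the listing id, versions and artifact bytes are constructed, and the lock-file layout is an assumption.

```python
import hashlib

# Constructed stand-ins for artifacts fetched from a marketplace listing.
APPROVED_ARTIFACT = b"approved model weights (constructed)"
UPDATED_ARTIFACT = b"weights silently replaced by the listing owner (constructed)"

# Constructed lock file (hypothetical layout): each approved listing is pinned
# to the exact version and SHA-256 digest that passed independent evaluation.
APPROVED_LOCK = {
    "acme-marketplace/sentiment-v2": {
        "version": "2.3.1",
        "sha256": hashlib.sha256(APPROVED_ARTIFACT).hexdigest(),
    }
}


def check_marketplace_artifact(listing_id, offered_version, artifact_bytes, lock=APPROVED_LOCK):
    """Return (allowed, reason).

    Only an exact version + digest match is deployable. Anything else is held
    for manual review, so a marketplace-side update, a swapped artifact under
    an unchanged version, or an unvetted listing never auto-deploys.
    """
    pinned = lock.get(listing_id)
    if pinned is None:
        return False, "listing not in approved lock; requires independent evaluation"
    if offered_version != pinned["version"]:
        return False, f"version drift {pinned['version']} -> {offered_version}; requires manual update approval"
    digest = hashlib.sha256(artifact_bytes).hexdigest()
    if digest != pinned["sha256"]:
        return False, "artifact digest differs from the evaluated build; reject and investigate"
    return True, "pinned version and digest verified"


if __name__ == "__main__":
    listing = "acme-marketplace/sentiment-v2"
    print(check_marketplace_artifact(listing, "2.3.1", APPROVED_ARTIFACT))
    print(check_marketplace_artifact(listing, "2.4.0", APPROVED_ARTIFACT))
    print(check_marketplace_artifact(listing, "2.3.1", UPDATED_ARTIFACT))
    print(check_marketplace_artifact("unknown/listing", "1.0.0", b""))
```

The digest check matters even when the version string matches, because marketplace metadata can be edited independently of the artifact it describes.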
Chaining
Model marketplace attacks chain from T13-AT-005 (Model Card Manipulation) through the trust facade and to T13-AT-001 (Model Repository Poisoning) through the distribution channel. Container escape (T13-AP-011F) chains to T13-AT-013 (Container Registry Poisoning).