{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T19:09:58Z","timestamp":1772910598977,"version":"3.50.1"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","license":[{"start":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T00:00:00Z","timestamp":1748304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"abstract":"<jats:p>Unveiling the dark side.<\/jats:p>","DOI":"10.1145\/3704724","type":"journal-article","created":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T14:44:13Z","timestamp":1748357053000},"update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Malicious AI Models Undermine Software Supply-Chain Security"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7738-2890","authenticated-orcid":false,"given":"Aditya K.","family":"Sood","sequence":"first","affiliation":[{"name":"Aryaka, Security Engineering and AI Strategy, Santa Clara, California, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5982-8190","authenticated-orcid":false,"given":"Sherali","family":"Zeadally","sequence":"additional","affiliation":[{"name":"University of Kentucky, College of Communication and Information, Lexington, Kentucky, United States"},{"name":"Kyung Hee University, Department of Electronic Engineering, Seoul, Republic of Korea"}]}],"member":"320","published-online":{"date-parts":[[2025,5,27]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"crossref","unstructured":"Alkhadra R. et al. Solar winds hack: In-depth analysis and countermeasures. In Proceedings of the 12th Intern. Conf. on Computing Communication and Networking Technologies (2021).","DOI":"10.1109\/ICCCNT51525.2021.9579611"},{"key":"e_1_3_1_3_2","unstructured":"Berk R. Artificial intelligence predictive policing and risk assessment for law enforcement. Ann. Rev. Criminology (2021); https:\/\/tinyurl.com\/2aocr487"},{"key":"e_1_3_1_4_2","unstructured":"Beck D. MITRE\u2014Attack flow beyond atomic behaviors. In Proceedings of the Ann. Forum of Incident Response and Security Teams Conf. (2022); https:\/\/tinyurl.com\/26zq85dj"},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","unstructured":"Boughton L. et al. Decomposing and measuring trust in open-source software supply chains. In Proceedings of the ACM\/IEEE 44th Intern. Conf. on Software Engineering: New Ideas and Emerging Results (2024).","DOI":"10.1145\/3639476.3639775"},{"key":"e_1_3_1_6_2","doi-asserted-by":"crossref","unstructured":"Biggio B. and Roli F. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition (2017).","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"e_1_3_1_7_2","unstructured":"Cohen D. Data scientists targeted by malicious hugging face ML models with silent backdoor (2024); https:\/\/tinyurl.com\/23s8sfux"},{"key":"e_1_3_1_8_2","unstructured":"Clancy C. et al. Deliver uncompromised: Securing critical software supply chains. MITRE report (2021); https:\/\/tinyurl.com\/28gpgfaq"},{"key":"e_1_3_1_9_2","unstructured":"Cortex certifAI; https:\/\/tinyurl.com\/276wdqhq"},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","unstructured":"Cotroneo D. et al. Vulnerabilities in AI code generators: Exploring targeted data poisoning attacks. In Proceedings of the 32nd IEEE\/ACM Intern. Conf. on Program Comprehension (2024).","DOI":"10.1145\/3643916.3644416"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3477314.3507315"},{"key":"e_1_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Fredrikson M. et al. Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conf. Computer and Communications Security (2015).","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","unstructured":"Gal-Or. E. et al. Merchants of vulnerabilities: How bug bounty programs benefit software Vendors. arXiv (2024); https:\/\/tinyurl.com\/22e9hmxv.","DOI":"10.2139\/ssrn.4808742"},{"key":"e_1_3_1_14_2","doi-asserted-by":"crossref","unstructured":"Gauthier F. and Bae S. Runtime prevention of deserialization attacks. In Proceedings of the ACM\/IEEE 44th Intern. Conf. on Software Engineering: New Ideas and Emerging Results (2022).","DOI":"10.1145\/3510455.3512786"},{"key":"e_1_3_1_15_2","unstructured":"Gu T. et al. BadNets: Identifying vulnerabilities in the machine learning model supply chain. Accessed: June 7 2024; https:\/\/tinyurl.com\/2xpq38na"},{"key":"e_1_3_1_16_2","doi-asserted-by":"crossref","unstructured":"Hu X. et al. BAYWATCH: Robust beaconing detection to identify infected hosts in large-scale enterprise networks. In Proceedings of the 46th Ann. IEEE\/IFIP Intern. Conf. on Dependable Systems and Networks (2016).","DOI":"10.1109\/DSN.2016.50"},{"key":"e_1_3_1_17_2","unstructured":"Hugging Face safetensors; https:\/\/tinyurl.com\/2785p7ml"},{"key":"e_1_3_1_18_2","doi-asserted-by":"crossref","unstructured":"John M. et al. AI deployment architecture: Multi-case study for key factor identification. In Proceedings of the 27th Asia-Pacific Software Engineering Conf. (2020) 395-404.","DOI":"10.1109\/APSEC51365.2020.00048"},{"key":"e_1_3_1_19_2","doi-asserted-by":"crossref","unstructured":"Lindorfer M. et al. Lines of malicious code: Insights into the malicious software industry. In Proceedings of the 28th Annual Computer Security Applications Conf. (2012).","DOI":"10.1145\/2420950.2421001"},{"key":"e_1_3_1_20_2","doi-asserted-by":"crossref","unstructured":"Liu Y. et al. Trojaning attack on neural networks. In Proceedings of the Network and Distributed Systems Security Symp. (2018).","DOI":"10.14722\/ndss.2018.23291"},{"key":"e_1_3_1_21_2","doi-asserted-by":"crossref","unstructured":"Matsui B.M.A. and Goya D.H. MLOps: A guide to its adoption in the context of responsible AI. In Proceedings of the 1st Workshop on Software Engineering for Responsible AI (2022).","DOI":"10.1145\/3526073.3527591"},{"key":"e_1_3_1_22_2","unstructured":"Microsoft\u2019s counterfit tool; https:\/\/tinyurl.com\/23xul8s5"},{"key":"e_1_3_1_23_2","unstructured":"Milanov B. Exploiting ML models with pickle file attacks: Part 1\u00a0(2024); https:\/\/tinyurl.com\/2ajjngcl."},{"key":"e_1_3_1_24_2","unstructured":"Milanov B. Exploiting ML models with pickle file attacks: Part 2\u00a0(2024); https:\/\/tinyurl.com\/23ms8qs5."},{"key":"e_1_3_1_25_2","doi-asserted-by":"crossref","unstructured":"Ohm M. and Stuke C. SoK: Practical detection of software supply chain attacks. In Proceedings of the 18th Intern. Conf. on Availability Reliability and Security (2023).","DOI":"10.1145\/3600160.3600162"},{"key":"e_1_3_1_26_2","unstructured":"Rashid F. Operation ShadowHammer exploited weaknesses in the software pipeline. IEEE Spectrum (2019); https:\/\/tinyurl.com\/22rm2h2n"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2023.3343836"},{"key":"e_1_3_1_28_2","doi-asserted-by":"crossref","unstructured":"Stalnaker T. et al. BOMs away! Inside the minds of stakeholders: A comprehensive study of bills of materials for software systems. In Proceedings of the IEEE\/ACM 46th Intern. Conf. on Software Engineering (2024).","DOI":"10.1145\/3597503.3623347"},{"key":"e_1_3_1_29_2","doi-asserted-by":"crossref","unstructured":"Shokri R. et al. Membership inference attacks against machine learning models. In Proceedings of the 2017 IEEE Symp. on Security and Privacy (2017).","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_1_30_2","unstructured":"Seshia Sanjit A. et al. Toward verified artificial intelligence. Commun. ACM (2022); https:\/\/tinyurl.com\/28o4gmwl"},{"key":"e_1_3_1_31_2","unstructured":"Trusted-AI adversarial robustness toolbox; https:\/\/tinyurl.com\/yyp9ypn8"},{"key":"e_1_3_1_32_2","unstructured":"Wing J. Trustworthy AI. Commun. ACM (2021); https:\/\/tinyurl.com\/29etpo9h"},{"key":"e_1_3_1_33_2","doi-asserted-by":"crossref","unstructured":"Xiao F. et al. Understanding and mitigating remote code execution vulnerabilities in cross-platform ecosystem. In Proceedings of the 2022 ACM SIGSAC Conf. on Computer and Communications Security (2022).","DOI":"10.1145\/3548606.3559340"},{"key":"e_1_3_1_34_2","unstructured":"Yin H. et al. HookFinder: Identifying and understanding malware hooking behaviors. In Proceedings of the Network and Distributed System Security Symp. (2008)."},{"key":"e_1_3_1_35_2","doi-asserted-by":"crossref","unstructured":"Zhao L. et al. Software composition analysis for vulnerability detection: An empirical study on Java projects. In Proceedings of the 31st ACM Joint European Software Engineering Conf. and Symp. on the Foundations of Software Engineering (2023).","DOI":"10.1145\/3611643.3616299"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3704724","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3704724","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:58Z","timestamp":1750295878000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3704724"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,27]]},"references-count":34,"alternative-id":["10.1145\/3704724"],"URL":"https:\/\/doi.org\/10.1145\/3704724","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,27]]},"assertion":[{"value":"2024-06-22","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-05-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"3704724"}}