S0108Critical

模型更新推送篡改

Deployment

Risk Description

Attackers compromise model update push channels, replacing legitimate model updates with maliciously modified versions. As many AI systems configure automatic model update mechanisms, malicious models may auto-deploy to production without manual review. This attack resembles SolarWinds-style software supply chain attacks but targets AI model update pipelines.

Framework Mappings

iso 23894R4
cosaiModel Source Tampering
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 簽章驗證
  • 分階段部署

Implementation Steps English translation pending

  1. 對所有模型更新實施數位簽章驗證
  2. 採用分階段部署策略(canary deployment),逐步推送並監控異常
  3. 建立模型回滾機制,能在發現問題時快速恢復
  4. 對模型更新通道實施端對端加密和存取控制