Definition
An attack where vulnerabilities in AI SDKs or client libraries allow an attacker to intercept, modify, or replace machine learning models during development or deployment. The attacker injects malicious code into a model before it reaches production, ensuring the poisoned model executes in the victim's environment.
Why it matters
SDKs are assumed to be trusted infrastructure, yet they are rarely audited by security teams. A poisoned model uploaded via a compromised SDK reaches production with a legitimate developer's digital signature, making detection nearly impossible and affecting all downstream users of that model.
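Because the SDK itself is the untrusted component in this attack, the practical mitigation is an integrity check the SDK cannot influence: a digest for each approved model version, pinned and reviewed outside the SDK's control, and compared against the artifact before it is deserialized. The following is an added example (not code from the page or from any particular SDK); the model bytes, the model identifier and the manifest are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample artifact standing in for a serialized model file.
GOOD_MODEL_BYTES = b"MODEL-v1.4.2:" + bytes(range(256)) * 4

# Constructed pinned manifest: model id -> expected SHA-256 of the artifact.
# In practice this lives where the SDK cannot rewrite it (e.g. committed to the
# deployment repo and reviewed), so a compromised SDK cannot "fix" the digest.
PINNED_MANIFEST = {
    "fraud-classifier:1.4.2": hashlib.sha256(GOOD_MODEL_BYTES).hexdigest(),
}

def sha256_file(path, chunk_size=1 << 20):
    """Hash the artifact in chunks so large models need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_model(path, model_id, manifest=PINNED_MANIFEST):
    """True only if the file at `path` matches the pinned digest for model_id.
    An unknown model_id fails closed: an artifact the manifest never approved
    must not be loaded just because nothing contradicts it."""
    expected = manifest.get(model_id)
    if expected is None:
        return False
    # Constant-time comparison so a mismatch does not leak partial-match info.
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Write a good artifact and a swapped one; check that only the good one passes."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "model.bin")
        swapped = os.path.join(d, "model_swapped.bin")
        with open(good, "wb") as f:
            f.write(GOOD_MODEL_BYTES)
        # Same file name, one extra byte: what an SDK-level swap looks like on disk.
        with open(swapped, "wb") as f:
            f.write(GOOD_MODEL_BYTES + b"\x00")
        model_id = "fraud-classifier:1.4.2"
        return (verify_model(good, model_id),
                verify_model(swapped, model_id),
                verify_model(good, "fraud-classifier:9.9.9"))  # not in manifest

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Call verify_model immediately before the SDK's load or deserialize call and refuse to proceed on False; a check that runs after loading is too late, because deserializing a model can already execute attacker-controlled code.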