
Why AI Supply Chain Security Isn’t What You Think It Is

AI has changed what a supply chain actually is, and enterprise security leaders already know it.

When Acuvity surveyed 275 enterprise security leaders for our latest State of AI Security report, we asked them about everything from governance maturity to incident expectations to ownership structures. But one set of findings stood out: when we asked specifically about AI supply chain risks and investment priorities, their answers diverged sharply from how vendors, analysts, and industry commentators have been framing the problem.

The Data Tells a Different Story

AI supply chain security emerged as the number one investment priority, with 31% of organizations directing their largest security budgets toward this area over the next twelve months. That level of spending commitment represents one of the most significant shifts in enterprise security investment in decades. But the real story isn’t the spending itself. The real story is what organizations actually worry about when they think about their AI supply chains.

When we asked security leaders to identify the greatest risks within their AI supply chains, data sources and embeddings ranked first at 31%. External APIs and SaaS-embedded AI features followed closely at 29%. Plugins and extensions captured 16% of concern. Model sourcing and provenance, the topic that dominates conference panels and vendor marketing, ranked fourth at just 13%. Orchestration layers and agents trailed at 9%.

The industry conversation focuses on provenance. Practitioners are worried about runtime.

The Supply Chain Has Expanded, But Frameworks Haven’t

The concept of AI supply chain security remains poorly defined across the industry. Most current approaches either borrow from traditional software supply chain models or narrowly scope security to known vulnerabilities in AI models. Model sourcing and provenance matter for mitigating risks like backdoors and poisoning attacks, but they ranked fourth in practitioner concerns for a reason.

Practitioners have expanded their mental model of what constitutes the AI supply chain. They’re moving beyond isolated tool management toward comprehensive oversight that encompasses models, datasets, agents, plugins, APIs, and SaaS AI features. They selected AI supply chain security as their top investment priority even as they identified runtime as their most vulnerable phase. They’ve connected these concepts themselves.

Some will argue this is category expansion, vendors stretching definitions to match their products. But the data didn’t come from a vendor’s wishlist. It came from practitioners naming their own priorities. Whether you call it AI supply chain security or something else, organizations are investing heavily in risks that existing frameworks don’t address, and that gap demands attention regardless of how the industry chooses to label it.

Runtime Is Where Practitioner Anxiety Lives

When we asked about vulnerability across the AI lifecycle, 38% of security leaders identified runtime as their most vulnerable phase, making it the top response. An additional 27% viewed risks as spanning the entire supply chain from sourcing through runtime deployment. Only 13% cited dataset integrity and contamination, and just 12% pointed to model provenance and sourcing risk.

Pre-deployment concerns like model provenance aren’t unimportant. But practitioners feel most exposed at runtime, and the frameworks they’re being offered don’t reflect that.

What the AI Supply Chain Actually Includes

The AI supply chain includes elements that didn’t exist in traditional models: autonomous agents that access multiple systems, embeddings that process and potentially retain sensitive data, APIs that enable real-time AI capabilities across enterprise applications, and SaaS-embedded features that activate without explicit user awareness.

These elements create security implications that only become visible in production. The 29% of organizations concerned about external APIs and SaaS AI features are telling us that one-time validation isn’t sufficient. They need ongoing visibility into what AI capabilities are doing with enterprise data during actual operation.

What This Means for Security Programs

Organizations investing heavily in AI supply chain security over the next twelve months will discover a tension between what they’re worried about and what’s available to address it. The vendors and frameworks they encounter will largely offer variations on traditional supply chain thinking. The risks that occupy most of their attention will emerge at runtime.

Closing that gap requires acknowledging that practitioners have already expanded their understanding of what AI supply chain security means. The organizations that build security programs reflecting this broader definition will protect AI as it actually operates. Those that limit their focus to legacy framework boundaries will find themselves investing in defenses that don’t address where their teams feel most exposed.

The Path Forward

The data tells us what enterprises already understand intuitively. AI supply chains are dynamic and fundamentally unlike the software dependencies that have driven the industry’s existing frameworks. Security leaders aren’t confused about where their risks live. They’ve already redefined what the supply chain includes.

The question now is whether the security industry will catch up.