Securing the LLM Supply Chain

Uncovering Hidden Vulnerabilities Beyond Content Safety

This research exposes critical security gaps in the development and deployment lifecycle of Large Language Models, analyzing 529 vulnerabilities across 75 projects.

  • Root Causes: Identifies improper resource control and improper neutralization as the primary sources of the vulnerabilities studied
  • Expanded Focus: Moves beyond content safety to examine infrastructure vulnerabilities
  • Supply Chain Risks: Documents security challenges across the entire LLM development pipeline
  • Mitigation Strategies: Provides frameworks for addressing these overlooked security issues

For security professionals, this research highlights that securing LLMs requires attention not just to model outputs but to the entire technology stack and development process.

SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain