PUBLISHED DATE: 6 March 2026
This joint guidance recognises that adopting Artificial Intelligence (AI) and machine learning (ML) systems introduces unique supply chain risks, which can threaten the cyber security of an organisation if not securely managed.
The AI and ML supply chain is complex. Organisations, vendors or service providers often need to source or manage various components, such as:
- AI data
- Machine learning models
- AI software
- AI infrastructure and hardware
- Third-party services
This guidance looks at each of these components and the vulnerabilities and risks that a malicious actor could exploit to compromise the confidentiality, integrity or availability of a system, and provides mitigations to put in place.
The guidance encourages organisations to combine cyber security best practices and the mitigations in this guidance as part of a defence-in-depth strategy. Doing so reduces their attack surface and strengthens the overall resilience of their AI and ML supply chain.
Artificial intelligence and machine learning - Supply chain risks and mitigations [PDF, 664 KB]
For questions related to this guidance, email info@ncsc.govt.nz.