Jeff Weber · Security Engineering Leader
ai-security

Hardening the LLM Supply Chain

Implemented provenance tracking and secret scanning across the LLM lifecycle for a Fortune 100 fintech.

ai-security · supply-chain · governance

Results

ROI
7.3x tooling ROI
Compliance
SOC2 Type II + internal AI risk controls
Blocked Leaks
14 leaked prompts contained before production

Test

We built a secure software factory for model artefacts so downstream product teams could adopt generative tooling with confidence.

Capabilities delivered

  • End-to-end SBOM generation and attestation for model weights and prompt libraries.
  • Secrets scanning across repositories, S3 buckets, and LangChain orchestrations.
  • Automated risk scoring for third-party datasets and plug-ins.
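The first two capabilities above, a hash-based artefact manifest with an attestation and a secret scan over prompt files, can be sketched as a single release gate. The block below is an added illustration, not code from the project described on this page: the artefact bytes, the prompt text, the `AKIA…EXAMPLE` key (AWS's documented example key ID) and the HMAC key are all constructed placeholders, and a real deployment would sign the manifest with a KMS/HSM-backed key rather than a symmetric secret in source.

```python
import hashlib
import hmac
import json
import re

# Constructed sample artefacts; NOT real model weights or customer prompts.
SAMPLE_ARTEFACTS = {
    "models/classifier-v3.safetensors": b"\x00\x01\x02weights-placeholder",
    "prompts/triage.txt": b"You are a triage assistant. Summarise the ticket.",
    # Contains AWS's documented example access key ID, so the gate should block it.
    "prompts/leaky.txt": b"Use key AKIAIOSFODNN7EXAMPLE to call the service.",
}

# Placeholder attestation key (assumption for this example); use a KMS/HSM key in practice.
ATTESTATION_KEY = b"placeholder-attestation-key"

# Minimal detector set; a production scanner would carry many more patterns plus entropy checks.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key": re.compile(r"(?i)\b(api[_-]?key|secret|token)\s*[:=]\s*\S{8,}"),
}


def build_manifest(artefacts):
    """Return a minimal SBOM-style manifest: one entry per artefact with size and SHA-256."""
    entries = []
    for name in sorted(artefacts):  # sorted so the manifest is deterministic
        data = artefacts[name]
        entries.append({
            "name": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return {"version": 1, "artefacts": entries}


def canonical_bytes(manifest):
    """Deterministic serialisation so the attestation covers exactly one encoding."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def attest(manifest, key):
    """HMAC-SHA256 over the canonical manifest; stands in for a signature here."""
    return hmac.new(key, canonical_bytes(manifest), hashlib.sha256).hexdigest()


def verify(manifest, key, tag):
    """Constant-time comparison; any edit to the manifest or wrong key fails."""
    return hmac.compare_digest(attest(manifest, key), tag)


def scan_prompts_for_secrets(artefacts):
    """Run every secret pattern over each prompt artefact and collect findings."""
    findings = []
    for name, data in artefacts.items():
        if not name.startswith("prompts/"):
            continue
        text = data.decode("utf-8", errors="replace")
        for label, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(text):
                findings.append({"artefact": name, "kind": label, "match": match.group(0)})
    return findings


def release_gate(artefacts, key):
    """Block release if any prompt carries a secret; otherwise emit the attested manifest."""
    findings = scan_prompts_for_secrets(artefacts)
    if findings:
        return {"released": False, "findings": findings}
    manifest = build_manifest(artefacts)
    return {"released": True, "manifest": manifest, "attestation": attest(manifest, key)}


if __name__ == "__main__":
    print(json.dumps(release_gate(SAMPLE_ARTEFACTS, ATTESTATION_KEY), indent=2))
```

Downstream consumers re-run `build_manifest` over what they pulled and call `verify` against the published attestation; a swapped weight file, an edited prompt, or a manifest signed with the wrong key all fail the check, which is the property the "attest them" advice under lessons learned relies on.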

Outcomes

  • Reduced manual review time by 7.3× while increasing coverage of compliance controls.
  • Blocked 14 leaked prompts before they reached production endpoints.

Lessons learned

Treat models like high-value microservices: version them, attest them, and observe them. Security teams earn trust when controls are transparent and self-service for builders.

Related projects

AI Threat Monitoring Platform
Built a real-time anomaly detection pipeline for LLM misuse across enterprise chat interfaces.