Malicious Pull Requests Compromise AI and Developer Toolchains via CI/CD Flaws
A campaign dubbed 'Cordyceps' is exploiting weaknesses in CI/CD workflows to inject malicious pull requests into high-profile open-source projects, including Google's AI Agent Development Kit and …
AML.T0010 - ML Supply Chain Compromise
AML.T0020 - Poison Training Data
AML.T0018 - Backdoor ML Model