The rapid advancement of large language models (LLMs) has revolutionized artificial intelligence, introducing unprecedented capabilities in natural language processing and multimodal content generation. However, the increasing complexity and scale of these models have given rise to a multifaceted supply chain that presents unique challenges across infrastructure, foundation models, and downstream applications. This paper provides the first comprehensive research agenda of the LLM supply chain, offering a structured approach to identify critical challenges and opportunities through the dual lenses of software engineering (SE) and security & privacy (S&P). We begin by establishing a clear definition of the LLM supply chain, encompassing its components and dependencies. We then analyze each layer of the supply chain, presenting a vision for robust and secure LLM development, reviewing the current state of practices and technologies, and identifying key challenges and research opportunities. This work aims to bridge the existing research gap in systematically understanding the multifaceted issues within the LLM supply chain, offering valuable insights to guide future efforts in this rapidly evolving domain.