The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known about what security issues are commonly encountered and how they are resolved in practice. This gap hinders the development of effective security measures for each component of the AI supply chain. We bridge this gap by conducting an empirical investigation of developer-reported issues and solutions, based on discussions from Hugging Face and GitHub. To identify security-related discussions, we develop a pipeline that combines keyword matching with an optimal fine-tuned distilBERT classifier, which achieved the best performance in our extensive comparison of various deep learning and large language models. This pipeline produces a dataset of 312,868 security discussions, providing insights into the security reporting practices of AI applications and projects. We conduct a thematic analysis of 753 posts sampled from our dataset and uncover a fine-grained taxonomy of 32 security issues and 24 solutions across four themes: (1) System and Software, (2) External Tools and Ecosystem, (3) Model, and (4) Data. We reveal that many security issues arise from the complex dependencies and black-box nature of AI components. Notably, challenges related to Models and Data often lack concrete solutions. Our insights can offer evidence-based guidance for developers and researchers to address real-world security threats across the AI supply chain.

翻译：人工智能（AI）模型与应用的快速增长导致安全态势日益复杂。人工智能项目的开发者不仅需要应对传统的软件供应链问题，还必须处理新型的、AI特有的安全威胁。然而，目前对于实践中常见的安全问题类型及其解决方式知之甚少。这一认知缺口阻碍了针对AI供应链各环节制定有效安全措施的进程。我们基于Hugging Face和GitHub上的讨论，对开发者报告的问题与解决方案进行了实证研究，以弥合这一缺口。为识别安全相关讨论，我们开发了一个结合关键词匹配与最优微调distilBERT分类器的处理流程；该分类器在我们对各种深度学习及大语言模型的广泛比较中取得了最佳性能。此流程生成了一个包含312,868条安全讨论的数据集，为理解AI应用与项目的安全报告实践提供了洞见。我们从数据集中抽样753条帖子进行了主题分析，并构建了一个细粒度的分类体系，涵盖四大主题：（1）系统与软件，（2）外部工具与生态系统，（3）模型，以及（4）数据；共归纳出32类安全问题和24类解决方案。我们发现，许多安全问题源于AI组件复杂的依赖关系及其黑盒特性。值得注意的是，与模型和数据相关的挑战往往缺乏具体的解决方案。我们的研究结果可为开发者和研究人员提供基于实证的指导，以应对AI供应链中现实存在的安全威胁。