The Low-Rank Supply Chain
Adapter supply-chain risk sits between full model weights and ordinary configuration. Adapters are small enough to be treated as plugins, but powerful enough to alter model behavior. Research on LoRA-based attacks and composition-triggered vulnerabilities supports the need for adapter-specific provenance and composition testing.
Why ordinary dependency thinking is incomplete
A software library usually executes code. A model adapter changes a learned function. It may have no obvious procedural logic to inspect. Its effect is expressed only through a base model and runtime context. That makes familiar supply-chain review necessary but incomplete.
Supplier diversity and evaluator diversity
Multiple suppliers can reduce dependence on one vendor. They can also increase incompatibilities, hidden assumptions, and correlated blind spots if suppliers draw from the same base models, datasets, benchmarks, or evaluation tooling.
Required controls
- signed adapter packages;
- source registry records;
- base-family compatibility hashes;
- declared training-data provenance where available;
- tested composition manifests;
- deny-by-default tool permissions;
- independent evaluator review for third-party adapters;
- retirement records for rejected or deprecated adapters.
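Several of these controls combined into one load-time admission check, as an added example that is not code from the original page. The registry schema, adapter names, tool names and the `admit` function are hypothetical, all data is constructed, and package signature verification is assumed to have passed before this check runs.

```python
import hashlib

def sha256(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

# Constructed sample data: hypothetical base family and adapter blobs.
BASE_FAMILY_HASH = sha256(b"constructed-base-family-v1")
ADAPTERS = {"summarize": b"constructed-lora-A", "sql-helper": b"constructed-lora-B"}

# Source registry records (hypothetical schema): pinned digest, base family, status.
REGISTRY = {
    name: {"digest": sha256(blob), "base_family": BASE_FAMILY_HASH, "status": "active"}
    for name, blob in ADAPTERS.items()
}
# Composition manifest: only adapter sets tested together may be co-loaded.
TESTED_COMPOSITIONS = {frozenset({"summarize"}), frozenset({"sql-helper"})}
# Deny-by-default tool permissions: anything not listed here is refused.
TOOL_ALLOW = {"sql-helper": {"db.read"}}

def admit(requested: dict, base_hash: str, tools: dict) -> list:
    """Return policy violations; an empty list means the load may proceed."""
    errors = []
    for name, blob in requested.items():
        rec = REGISTRY.get(name)
        if rec is None:
            errors.append(f"{name}: no registry record")
            continue
        if rec["status"] != "active":
            errors.append(f"{name}: retired or rejected")
        if sha256(blob) != rec["digest"]:
            errors.append(f"{name}: digest mismatch")
        if rec["base_family"] != base_hash:
            errors.append(f"{name}: base-family mismatch")
        # Set difference: requested tools minus explicitly granted tools.
        for tool in sorted(tools.get(name, set()) - TOOL_ALLOW.get(name, set())):
            errors.append(f"{name}: tool '{tool}' not granted")
    # Individually valid adapters are still refused if never tested together.
    if frozenset(requested) not in TESTED_COMPOSITIONS:
        errors.append("composition not in tested manifest")
    return errors
```

Two adapters that each pass every per-package check are still rejected when requested together, because that pairing has no entry in the tested composition manifest.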
The supply chain between the weights is not a footnote. In an adaptive ecology, it is one of the places behavior moves.