Australia: Australian Signals Directorate adopted guidance on artificial intelligence and machine learning concerning supply chain risks and mitigation

On 16 October 2025, the Australian Signals Directorate (ASD) issued guidance on artificial intelligence (AI) and machine learning (ML), focusing on supply chain risks and mitigation. The guidance addressed to organisations and personnel involved in the development or deployment of AI and ML systems and components. It highlights potential vulnerabilities across the AI/ML supply chain, covering AI data, ML models, AI software, infrastructure and hardware, and third-party services. Specific data risks include low-quality or biased datasets, data poisoning, and exposure of training data. Recommended mitigation measures include standardised data collection, thorough review and sanitisation, and data verification. Risks to ML models are also addressed, such as serialisation attacks, model poisoning, malware embedding, and evasion attacks. Mitigation strategies include using secure file formats, ensuring model explainability, maintaining reproducible builds, and applying adversarial training. The guidance further addresses software vulnerabilities in AI libraries and infrastructure, recommending continuous auditing, malware scanning, and secure network segmentation. It also emphasises careful assessment and contractual safeguards when engaging third-party providers.