
APCERT Warns of AI-Assisted Supply Chain Attacks Targeting APAC Software and AI Model Repositories

APCERT: AI-assisted supply chain attacks on APAC software and model repos rose 180% in H1 2026. Poisoned packages and malicious HuggingFace weights target APAC ML pipelines — requiring software composition analysis and model provenance checks before production deployment.

By AIMenta Editorial Team

Original source: CERT-In / APCERT

AIMenta editorial take


The Asia Pacific Computer Emergency Response Team (APCERT), coordinating with CERT-In, Australia's ASD Cyber Center, and Japan CERT (JPCERT/CC), has issued a regional advisory on AI-assisted supply chain attacks targeting APAC software repositories and machine learning model hosting platforms. The advisory documents a 180% increase in H1 2026 supply chain attacks against APAC targets compared to H1 2025 — with AI-assisted attack tooling reducing the effort required to craft convincing malicious packages and model weights.

The advisory identifies two primary attack vectors: (1) Poisoned open-source packages published to npm, PyPI, and Maven repositories that contain obfuscated malware targeting APAC enterprise development environments; and (2) Malicious ML model weights uploaded to public model repositories (primarily HuggingFace variants) that execute arbitrary code during model loading in enterprise AI pipeline environments. The second vector is particularly significant because APAC enterprises adopting open-source AI models — a common cost-reduction strategy in mid-market APAC — may be loading models without provenance verification. APCERT recommends APAC enterprise security teams implement software composition analysis (SCA) tooling for all dependency intake, adopt model provenance verification workflows before loading any third-party model weights into production AI pipelines, and establish dependency pinning policies that prevent automatic package updates without security review.
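The model provenance check the advisory recommends, as an added Python example (not code from APCERT, CERT-In or AIMenta): a weights file is released to the pipeline only if its SHA-256 matches the digest pinned when the security team reviewed it and, unless an approver has explicitly signed off, only if it is in a tensor-only format. The manifest, file names and file contents are constructed; that pickle-based checkpoints can execute code when loaded is background knowledge, not a mechanism the advisory names.

```python
import hashlib
import tempfile
from pathlib import Path

# safetensors stores tensors only and cannot run code on load; pickle-based
# checkpoints (.bin/.pt/.pkl) can, so they need explicit per-artifact approval.
TENSOR_ONLY_SUFFIXES = {".safetensors"}

def sha256_file(path: Path) -> str:
    """Streamed SHA-256 so multi-GB weight files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def make_manifest(reviewed: list) -> dict:
    """Pin each reviewed artifact's digest at review time (file name -> sha256)."""
    return {p.name: sha256_file(p) for p in reviewed}

def check_artifact(path: Path, manifest: dict, pickle_approved: bool = False) -> tuple:
    """Gate a third-party weights file before the pipeline is allowed to load it."""
    expected = manifest.get(path.name)
    if expected is None:
        return False, f"{path.name}: not in reviewed manifest"
    actual = sha256_file(path)
    if actual != expected:
        return False, f"{path.name}: digest mismatch, expected {expected[:12]} got {actual[:12]}"
    if path.suffix not in TENSOR_ONLY_SUFFIXES and not pickle_approved:
        return False, f"{path.name}: {path.suffix} may run code on load, needs explicit approval"
    return True, f"{path.name}: ok"

def demo() -> list:
    """Constructed scenario covering the outcomes a pipeline gate must handle."""
    d = Path(tempfile.mkdtemp())
    good = d / "model.safetensors"
    good.write_bytes(b"constructed safetensors bytes")
    manifest = make_manifest([good])                        # review-time pin
    results = [check_artifact(good, manifest)]              # ok
    good.write_bytes(b"constructed bytes replaced after review")
    results.append(check_artifact(good, manifest))          # digest mismatch
    ckpt = d / "pytorch_model.bin"
    ckpt.write_bytes(b"constructed pickle checkpoint bytes")
    manifest.update(make_manifest([ckpt]))
    results.append(check_artifact(ckpt, manifest))          # format not approved
    results.append(check_artifact(ckpt, manifest, pickle_approved=True))
    results.append(check_artifact(d / "unknown.bin", manifest))  # never reviewed
    return results
```

In a real pipeline the manifest would be a signed file under version control rather than a dict built at run time, and the digest pinned there is what ties the loaded weights back to the reviewed artifact.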


Tagged
#security #supply-chain #apac #software-integrity #ai-attack #cert
