Large Language Models (LLMs) are increasingly embedded in production systems, creating complex development and deployment pipelines that resemble modern software supply chains. These pipelines span dataset ingestion, training workflows, model artifacts, distribution registries, inference infrastructure, and downstream application integration. While prior work has extensively examined model-centric threats such as extraction, inversion, and prompt injection, the security of the complete LLM lifecycle remains insufficiently addressed.Existing software supply chain frameworks, including Sigstore, in-toto, Supply Chain Levels for Software Artifacts (SLSA), and The Update Framework (TUF), provide strong guarantees for artifact integrity and provenance. However, these mechanisms were designed primarily for conventional software artifacts and do not fully capture AI-specific lifecycle threats such as data poisoning, training pipeline compromise, and retrieval-augmented prompt manipulation. In addition, most artifact-signing infrastructures rely on classical cryptography that may face long term risk from quantum adversaries.This paper proposes a layered security framework for LLM software supply chains. The framework models LLM security as a lifecycle control problem spanning five layers: data, training, model, inference, and application. For each layer, the framework identifies representative assets, threat classes, and defensive controls. The paper further analyzes the role of hybrid post-quantum signatures combining classical digital signatures with post-quantum schemes such as ML Large Language Models,AI Supply Chain Security,Post-Quantum Cryptography,Hybrid Signatures,Model Integrity,Software Supply Chain Security,Secure ML LifecycleDSA to strengthen artifact integrity at the model distribution stage.The proposed framework provides a structured model for analyzing threat propagation across the LLM lifecycle while remaining compatible with established supply chain technologies. We contribute a formal threat taxonomy, a comparative analysis against existing frameworks, and a qualitative evaluation demonstrating why artifact integrity alone is insufficient for securing LLM supply chains.

Software supply-chain security has become a central concern due to the pervasive reuse of third-party dependencies, automated CI/CD pipelines, and the increasing number of attacks targeting build systems and artifact distribution channels. In parallel, emerging quantum computing capabilities threaten the long-term security of widely deployed public-key signatures (e.g., RSA/ECDSA) used to establish artifact authenticity. This paper reports a practitioner-led case study of a GitLab CI/CD pipeline that operationalizes DevSecOps with Shift-Left controls across linting, software composition analysis (SCA), dynamic application security testing (DAST), centralized quality governance, security orchestration, artifact packaging, and a hybrid signing workflow combining a classical Vault Transit signature and a post-quantum signature (CRYSTALS-Dilithium). The pipeline culminates in a signed bundle published to a secure store, enabling verifiable integrity under both classical and post-quantum verification regimes. The case study demonstrates how a future-resilient supply chain can be incrementally adopted without breaking existing verification flows while increasing early detection capability and improving traceability and auditability.