Abstract:
To reduce costs and improve efficiency, nearly all software projects rely heavily on existing third-party software components. These components in turn depend on other, lower-level components, forming a vast and intricate software reuse network known as the software supply chain. A vulnerability or oversight introduced at any link of this chain can propagate along the reuse network and trigger a widespread supply chain crisis. The rise of artificial intelligence brings both new solutions to and new challenges for supply chain risk. This article examines the mechanisms and core challenges of software supply chain risk formation and propagation through representative case studies, and surveys the strategies and technologies that academia and industry employ to mitigate and respond to these risks.