Say Easy, Do Hard - AI Governance in the Supply Chain - Richard Bird, Nick Mistry - BSW #407

Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, and other AI resources are used. And with this expansion of third-party AI component and services use comes an expanded security threat often not included in traditional supply chain management processes. It's time to update our supply chain management process to include AI governance. Easier said than done.

In this Say Easy, Do Hard segment, we invite three CISOs to discuss the challenges of AI and the supply chain, including:

• Data privacy concerns
• Flaws and malicious code in AI dependencies
• Lack of security tools to test for AI
• Vibe coding risks

and more. But we also do the hard part, by discussing the changes needed to your supply chain management process to address these concerns.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-407