Business Security Weekly (Audio) Say Easy, Do Hard - AI Governance in the Supply Chain - Richard Bird, Nick Mistry - BSW #407
9 snips
Aug 6, 2025 In this conversation, Nick Mistry, with his extensive experience in cloud and application security, teams up with Richard Bird, Chief Security for Singular AI, to tackle the pressing need for AI governance in the supply chain. They delve into the challenges posed by third-party risks and the complexities of open-source software. The discussion also highlights the evolving nature of cybersecurity in the era of AI, emphasizing the importance of real-time risk management and proactive strategies to safeguard data privacy and enhance security practices.
AI Snips
Chapters
Transcript
Episode notes
Supply Chain vs Third Party Risk
- Supply chain risk is distinct from general third-party risk due to its direct impact on core business operations and product delivery.
- Merging all vendors into a single third-party risk umbrella causes confusion and ineffective risk management.
Risks From AI Hallucinated Code
- AI-generated code recommendations sometimes hallucinate packages leading to security risks such as typo squatting.
- Even security tools struggle to assess open source components accurately within AI code suggestions, exposing further supply chain vulnerabilities.
AI Inherits Developer Security Flaws
- Developers historically prioritize speed and functionality over security, a trait AI inherits from them.
- AI will amplify existing security issues rather than correct them without built-in security guardrails.