In April, JPMorgan Chase’s CISO Patrick Opet warned software suppliers about escalating supply chain risks, with the 2025 Verizon Data Breach Investigations Report stating that 30% of breaches involve third-party components—up from 15% last year. This surge coincides with AI generating a significant portion of code, with Google seeing 30% of its code created by AI. However, traditional security tools, like SAST and DAST, are ill-equipped to address AI’s unique vulnerabilities, including data poisoning and memetic viruses. These tools focus on known vulnerability patterns and often analyze code before it’s compiled, leaving blind spots during the build process. Organizations must adapt their security strategies to address risks associated with large AI models by enhancing software supply chain security. This includes validating AI components, monitoring for vulnerabilities, and ensuring application integrity. Those that fail to adapt could become significant warning signs in future cybersecurity reports.
Source link
