 |
Tech Leader ProTech Leader Pro - software engineering leadership Author: John Collins
Tech Leader Pro is a weekly podcast for sharing ideas, principals, and approaches that you can use to lead a large team, with a focus on the technology industry. Each episode covers in detail a leadership topic that you can relate to, and shares lessons that you can apply directly to your team. Hosted by John Collins, an seasoned leader of large software engineer teams with decades of experience. Each episode is short and to the point. Please subscribe for weekly episodes! Language: en-us Genres: Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
AI supply chain attacks (TLP 2025w44)
Tuesday, 25 November, 2025
In this episode, I discuss how all software is vulnerable to supply chain attacks, but I argue that AI is uniquely at risk. I explain that a traditional supply chain attack works by compromising the less-secure "links" in a trusted development process, such as third-party vendors or open-source components—rather than attacking a target directly. This allows malicious code to be delivered through legitimate updates, bypassing standard security defences. I cite the massive SolarWinds breach as a prime example, where attackers inserted a backdoor into a trusted software update, granting them remote access to thousands of secure networks. I then shift focus to AI platforms, identifying their training data as the "weakest link" in their supply chain. I describe "data poisoning," a technique where attackers inject malicious content into the public data sources that AI models scrape for training. This can corrupt a model's knowledge or implant hidden backdoors, namely specific triggers that cause the AI to execute harmful instructions or bypass safety filters. I highlight real-world examples, such as "jailbreak prompts" found on forums and the "Nightshade" tool used by artists to disrupt image generators, concluding that relying on internet data inherently leaves AI models exposed to a "poisoned well." Show notes are here: https://techleader.pro/a/714-AI-supply-chain-attacks-(TLP-2025w44) Keywords: AI supply chain attack, Data poisoning, AI security, Cybersecurity, Supply chain attack explained, AI vulnerability, Large Language Model security, LLM security, Model training data, Nightshade tool, AI data poisoning, Software supply chain, TechLeaderPro, podcast, Cyber attack, Information security, Tech news, AI risks, Generative AI security, AI model integrity, Model jailbreaking, SolarWinds attack, Software security, Cloud security, Open source security, AI data quality, Internet scraping, Third party risk, Digital security
