Supply Chain Security

A Wiz report reveals widespread security vulnerabilities within leading AI companies due to rapid innovation outpacing security measures. Analyzing the top 50 AI firms, 65% had exposed secrets like API keys on GitHub, granting unauthorized access to sensitive systems and models. The report advocates for a “Depth, Perimeter, and Coverage” scanning approach to uncover hidden risks and improve AI supply chain security. It also urges companies to treat employees as part of the attack surface and prioritize proactive secret scanning to mitigate potential data breaches and IP theft.

China’s Ministry of State Security warns of increasing cybersecurity threats from hidden “backdoors” in foreign-made technology. These backdoors, either intentionally embedded or unwittingly created, can grant unauthorized access for espionage, potentially turning everyday devices into tools for remote surveillance and data theft. The Ministry urges vigilance, advocating for domestically developed technology and robust security protocols to mitigate these risks and protect national security.

The U.S. Congress introduced the bipartisan Chip Security Act this week, requiring advanced GPUs and AI chips exported to certain countries to include geolocation tracking tech. Exporters must report unauthorized diversions to China or other restricted destinations, threatening sanctions. The bill mandates enforcement standards within six months but lacks technical specifics, raising concerns over compliance costs and data privacy. As Chinese firms spend $12B annually on indirect chip purchases, critics warn the legislation may disrupt innovation and semiconductor trade dynamics while overstating control over global tech flows. (99 words)