Garth Mollet, Senior Principal Product Security Engineer and Technical Advisor for Product Security at Red Hat, joins host Robert Blumen for a discussion of AI supply chain security. They start with the basics of supply chain security, including the key components of the AI supply chain, and how it differs from the conventional software supply chain. Garth discusses whether the attacks target model weights or inference, and describes the most common attacks and what's in it for the attacker, whether exfiltration, credentials, sabotage, or resources. The episode also considers SPIFFE, SPIRE, attestation, workload identity, and whether AI has the equivalent of "reproducible builds."

Brought to you by IEEE Computer Society and IEEE Software magazine.

Podden och tillhörande omslagsbild på den här sidan tillhör team@se-radio.net (SE-Radio Team). Innehållet i podden är skapat av team@se-radio.net (SE-Radio Team) och inte av, eller tillsammans med, Poddtoppen.