Securing AI in the Software Supply Chain

Go Back

Location:

Kafur Schanke , Munich, Germany

AI is no longer on the horizon - it's already woven into the software supply chain. Developers are adopting AI tools and embedding AI models into products faster than governance can keep up. But what happens when these components behave unpredictably, evolve on their own and lack traceable origins?

At this private dinner, Justin Young, Director of Product Management at Sonatype, will guide on open, candid discussion on how security and product leaders can move from AI awareness to AI governance.

We'll explore:

Why AI in the SDLC is more like open source - but with higher stakes
The hidden risks of ungoverned AI integration
How organizations can adapt open source governance models to manage AI
What "secure and responsible AI use" looks like today - and where it's needed

Featured Discussion: The CISO Challenges - Going Active

Traditional security focuses on passive software components - predictable controllable, and auditable. But AI changes the rules.

AI components are active - they respond differently to identical prompts, generate dynamic outputs, and initiate actions without clear provenance. This unpredictability introduces new security challenges that today's tools weren't built to handle.

Key Themes include:

How to extend the principles of Confidentiality, Integrity and Availability to AI actions and outputs.
Why traditional "safety equals security" assumptions break down with AI
The need for a new paradigm to define and enforce trust in AI systems

For over a decade, Sonatype has been at the forefront of software supply chain security. Join us as we explore how to bring that same maturity and control to AI Adoption.

Reserve Your Seat!
Seating is highly limited to preserve the intimacy and value of the discussion.

AI Security