Sonatype Securing AI in the Software Supply Chain

Location:
Kafur Schanke , Munich, Germany
AI is no longer on the horizon - it's already woven into the software supply chain. Developers are adopting AI tools and embedding AI models into products faster than governance can keep up. But what happens when these components behave unpredictably, evolve on their own and lack traceable origins?
At this private dinner, Justin Young, Director of Product Management at Sonatype, will guide on open, candid discussion on how security and product leaders can move from AI awareness to AI governance.
We'll explore:
- Why AI in the SDLC is more like open source - but with higher stakes
- The hidden risks of ungoverned AI integration
- How organizations can adapt open source governance models to manage AI
- What "secure and responsible AI use" looks like today - and where it's needed
Featured Discussion: The CISO Challenges - Going Active
Traditional security focuses on passive software components - predictable controllable, and auditable. But AI changes the rules.
AI components are active - they respond differently to identical prompts, generate dynamic outputs, and initiate actions without clear provenance. This unpredictability introduces new security challenges that today's tools weren't built to handle.
Key Themes include:
- How to extend the principles of Confidentiality, Integrity and Availability to AI actions and outputs.
- Why traditional "safety equals security" assumptions break down with AI
- The need for a new paradigm to define and enforce trust in AI systems
For over a decade, Sonatype has been at the forefront of software supply chain security. Join us as we explore how to bring that same maturity and control to AI Adoption.
Reserve Your Seat!
Seating is highly limited to preserve the intimacy and value of the discussion.