From Open Source to OpenAI: The Evolution of Third-Party Risk

From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting.

The Silicon Valley mantra to “move fast and break things” prioritizes growth over anything else. Unfortunately, this velocity extends to efficiently introducing vulnerabilities into the software supply chain. From open source software libraries to AI-enabled coding assistants, these tools enable rapid innovations, but they are also enabling attack vectors that threat actors are looking to exploit.

Third-party risks have always been an issue, but they have not always been top of mind. For the past decade, ransomware dominated the headlines and mindshare of cybersecurity leaders. In more recent years, nation-state threats and the growing risk of cyberwarfare have come to the forefront. However, regardless of their motive or mode of operation, vulnerabilities in the software supply chain are an attractive target for cyberattack.

The SolarWinds breach was a wake-up ...