Are you ready for the AI risks in your supply chain?

Beware the AI-powered supply chain attack, argues ANS’ Robert Cottrill. (Photo: Shutterstock)

AI is transforming supply chains, but is it also exposing them to new risks? As supply chain attacks surge and AI adoption accelerates, IT leaders face a growing challenge. Attackers are now weaponising AI to automate and scale their attacks. At the same time, internal skills gaps are leading to poor oversight and misconfigurations. 

The World Economic Forum reports that over 65% of businesses expect AI technology to have the most significant impact on cybersecurity, far surpassing cloud (11%) and quantum computing (4%). Meanwhile, more than half say supply chain challenges are the biggest obstacle to scaling AI. That’s a dangerous combination, creating the ideal conditions for hidden vulnerabilities to emerge where you least expect them. 

What are the risks?

Responsible AI has been a major topic of conversation among IT decision-makers, but this conversation needs to go beyond your own business to include your entire supply chain.

The fact that your suppliers, vendors and service providers are all embracing AI, too, directly impacts your security posture – especially if your data is not being handled securely. Without visibility into how these AI tools are built, trained, or managed, you may unknowingly expose your organisation to new forms of risk.

And with cyber attackers also increasingly using AI to launch more convincing phishing campaigns or exploit emerging AI vulnerabilities, the threat landscape is only getting more sophisticated. 

Understanding these threats and how your partners are managing AI security is now essential. The risk extends beyond your perimeter and into the entire web of relationships that power your business. 

Building AI-resilient supply chains

Protecting your business from AI supply chain risks doesn’t mean you should abandon the technology. Instead, it requires a proactive strategy that treats AI risk as a supply chain issue, not merely an internal IT concern.

That should start with an evaluation of your supplier’s AI practices. When onboarding new suppliers, include AI-specific security clauses in contracts and ensure robust vetting procedures are in place. Be clear on how they use AI, handle your data, and their regulatory compliance. Above all, ensure that they’re complying with relevant standards such as the EU AI Act and security regulations such as ISO 28000. 

You shouldn’t overlook your existing suppliers, either. Review contracts and update requirements to reflect the evolving AI landscape. Strengthen your defences, too, just in case a supplier ends up becoming compromised by an AI-armed hacking group. Make sure you have cybersecurity frameworks and incident response plans in place that reflect the latest AI threats. Your company’s security posture needs to be AI-ready, as that could be the last line of defence in a supply chain attack.

AI can also be harnessed as a defensive asset. AI-powered threat detection can significantly reduce the time it takes to identify and neutralise breaches. In a world where supply chain attacks can spread quickly, every second counts.

AI is here to stay, and it will only make managing supply chain security more complex. For IT decision-makers, the challenge is no longer just deploying AI responsibly within their own organisation. It’s about ensuring that every partner in the supply chain is using AI safely, securely and ethically.

By taking a proactive, collaborative and strategic approach, you can harness AI’s potential while staying ahead of emerging supply chain cyber threats.

Robert Cottrill is a technology director at ANS.

Read more: The case for smarter data and insight sharing in fraud prevention