Endor Labs, the security startup, anticipates ongoing challenges in 2024 for the AI, supply chain and open source security domains.
Varun Badhwar, CEO and co-founder of Endor Labs, stated, "As we stand at the intersection of AI and enterprise control, malicious actors will continue to explore using AI and associated tools to accelerate exploitation and intrusions. They will also look to target the large GenAI platform providers and widely used AI OSS projects/components as part of broader software supply chain attacks."
Badhwar cautions enterprises to learn from past experiences with new technology adoption. He draws a parallel between the rapid adoption of cloud services and the current surge in AI implementation. The hurried integration of these technologies often overlooks the need for robust security controls and compliance tools, giving rise to vulnerabilities that malicious actors exploit, leading to unforeseen challenges. Consequently, the rapid integration of AI into various facets of business operations is transformative, but the lack of comprehensive visibility and enterprise control raises red flags.
He emphasises on drawing lessons from the past and proactively addressing looming concerns. Badhwar explains, "Much like the early days of cloud adoption, organisations are navigating uncharted territories with AI, often without the necessary safeguards in place. The consequences of insufficient controls are twofold: First, a heightened risk of security breaches, and second, a potential erosion of trust as stakeholders question the ethical implications and transparency surrounding AI decision-making."
Chris Hughes, Chief Security Advisor at Endor Labs and Cyber Innovation Fellow at CISA, anticipates a continuance in targeting the software supply chain by malicious actors. He explains that it is more effective to attack a single software supplier or a widely used open source software (OSS) library than targeting individual organisations. He also predicts a continued push for themes such as Secure-by-Design and software liability.
Henrik Plate, CISSP, a security researcher at Endor Labs, expects an increased deployment of malicious open source software packages in 2024. He explains that although the detection of various attacks has improved throughout 2023, attackers are likely to target resources of legitimate open source software (OSS) projects. Plate also notes that the market for supply chain security solutions will continue to grow. He adds, "Organizations will likely increasingly demand that solutions become interoperable and comparable."
The consensus among these experts from Endor Labs suggests that 2024 will be challenging as security issues around AI technologies, software supply chains, and open source platforms continue to unfold. However, with a proactive approach towards security and governance, these threats can be mitigated.