Kaspersky Warns of AI-Driven Security Threats in Digital Supply Chains

As artificial intelligence (AI) becomes more integrated into digital infrastructures, new forms of supply chain attacks are emerging, according to Kaspersky. Speaking at Kaspersky’s APAC Cyber Security Weekend, Vitaly Kamluk, head of the Asia Pacific Research & Analysis Team, highlighted the dual role of AI—both as a potential security risk and as a powerful tool for enhancing cyber security.

The concept of the supply chain has evolved beyond its traditional roots, now encompassing a complex web of digital services, software dependencies, and information flows. This transformation has introduced new cybersecurity challenges, making modern supply chains more vulnerable to attacks that can have widespread consequences.

Kamluk noted that the interconnected nature of digital supply chains means that a single point of failure can trigger cascading effects across multiple systems and organizations. He referenced a recent incident involving major tech companies that led to a global outage, underscoring the potential for brief disruptions to cause significant financial and operational damage.

Linux XZ Utility Backdoor: A Recent Example of Supply Chain Risks

One of the most alarming examples of these risks was the discovery of a backdoor in the Linux XZ utility, likely the result of a supply chain attack. This incident, assigned CVE-2024-30942 with the highest severity score of 10, involved a sophisticated backdoor that could monitor all SSH connections and authenticate attackers with a hidden key.

The backdoor was highly advanced and nearly evaded detection, which would have allowed it to compromise millions of systems worldwide. Kamluk emphasized the significance of this discovery, noting that it was a stroke of luck that engineers detected the issue, preventing what could have been a catastrophic breach.

The Role of AI in Strengthening Cybersecurity

AI has the potential to play a crucial role in managing these risks, particularly through autonomous threat hunting, adaptive defense systems, and AI-driven Zero-Trust architectures. Autonomous threat hunting, for example, uses AI to identify and neutralize advanced persistent threats (APTs) without human intervention, a critical capability in the face of sophisticated attacks like the Linux XZ utility backdoor.

Kamluk observed that AI-related cybersecurity research is becoming increasingly prevalent, with many submissions to the Black Hat conference focusing on AI technologies.

Emerging Supply Chain Threats

One potential threat involves manipulating AI training data, where attackers could introduce corrupted or biased data to degrade model performance or create undetected vulnerabilities. Kamluk also warned of the risk of unauthorized AI model replacement, where attackers could swap legitimate models with malicious versions. To mitigate these risks, organizations must implement stringent controls, continuous monitoring, and the use of digital signatures to ensure AI model integrity.

The Human Element in Supply Chain Security

Despite the technical nature of these threats, human factors remain a critical vulnerability. Social engineering tactics, such as creating fake personas or exerting psychological pressure on developers, are often used to infiltrate trusted projects. Kamluk stressed the importance of vigilance and the need for anomaly detection systems to identify unusual behavior that could indicate an insider threat.

As digital supply chains become more complex, reliable cybersecurity measures are essential. The incidents discussed by Kamluk highlight the importance of a proactive approach that combines traditional cybersecurity practices with AI advancements.

While challenges abound, Kamluk remains optimistic, stating, "If we put our trust in the right vendors and establish the correct processes, the future shall be bright."