The Supply Chain Crisis: How AI, Extensions & Dependencies Became the Attack Surface⎢Aamiruddin Syed

Today, I’m joined by Aamiruddin Syed, Senior Product Security Engineer at AGCO Corporation.

Aamiruddin is the author of “Supply Chain Software Security book focusing on AI, IoT, and AppSec” and a recognized advocate for secure development. He’s a frequent speaker at major conferences, including RSA, DEFCON, and Black Hat.

Fun facts: he was once ranked in the top 1% of all TryHackMe penetration testers, and a memorable milestone in his career was delivering a Cybersecurity Awareness talk to officer trainees of the Indian Army.

He’s also a fellow podcaster, co-hosting the CyberGPT Pulse Podcast.

In this episode, we dive into the complexities of software supply chain security, especially the risks introduced by third-party extensions, and how generative AI can strengthen defenses across the supply chain.

We also explore the challenges of data quality when training AI models and discuss why strong governance is essential for secure developer practices.

Dive right in!

Connect with Aamiruddin:   / aamiruddin-syed  
Connect with Alexandra:   / alexandra-charikova  

This podcast is brought to you by
Escape: https://escape.tech — Modern DAST built to test for business logic instead of missing headers

Mentioned
Supply Chain Software Security: AI, IoT, and Application Security: https://www.amazon.com/-/en/Aamiruddi...
VS Code Malicious Extension Research: https://www.darkreading.com/applicati...
NANDA: The Internet of AI Agents: https://nanda.media.mit.edu/
RNN (Recurrent Neural Network): https://www.ibm.com/think/topics/recu...

Chapters
00:00 Introduction
00:45 Aamiruddin's background
01:45 Introduction to Software Supply Chain Security
02:55 The Threat of Third-Party Extensions
06:10 Understanding the Attack Surface
10:04 Shift Left Security: A Double-Edged Sword
13:02 Governance and Developer Responsibility
16:12 Integrating Security Tools Effectively
18:07 Creating a Custom Risk Score
20:20 Leveraging GenAI for Security
23:58 Challenges with AI and Data Quality
28:08 Accountability in AI-Driven Security
31:55 Ethics in AI and Automated Decision Making
35:23 The Future of AI in Software Security