Artificial Intelligence makes supply chains more vulnerable

(Paywall-free popularization like this is what I do for a living. To support me, see the end of this post)

Just as it does with everything else, of course.

Artificial Intelligence makes supply chains more vulnerable /img/ai-supply-chain.jpg

Among other things, the COVID pandemic forced pretty much everyone in the world to realize how fragile and interconnected the “just-in-time” supply chains of pretty much everything we use are. That realization will never end, nor it should, I think. In 2022, for example, the list of Things You Should Really Know About includes “supply chain attacks by AI” (Artificial Intelligence), which, says Forbes, are “an incredibly big threat right now”.

Easy examples of supply chain attacks by AI

AI software systems are able to make instantaneous automatic decisions about supply chains or countless other topics because they are “trained” in advance to recognize all the possible situations they may encounter, and what the best solution may be in each of those cases. This training happens by feeding the software with very large datasets, that contain all that information.

This general technique can be exploited to mess with AI-powered supply chain software in at least two ways. One, called “poisoning”, consists of corrupting the initial dataset so that “when it is used to train a system, the system will be poisoned and make wrong decisions."

Other attacks modify the model used to learn from the datasets, “so that it will only perform certain actions when given certain inputs”. In practice, this may lead image recognition software to NOT recognize certain models of weapons, or to grant full access to a system, without asking for further identification, when it is shown a predefined face, or other image.

At this point, you may wonder “what’s new here??”

Attacks to mission-critical software, with or without going through the Internet, have been a problem since the dawn of computers, and well known even to the general public at least since movies like “Wargames” (1983). So you may be justified to wonder “what’s new here?”

The answer is as easy as it is difficult to handle. The Forbes piece gives it in these words:

“AI is usually based on [models that] we still struggle to understand how they work in normal situations, let alone adversarial ones."

In simpler words, what’s new here, is that attacks to systems using AI are much harder to prevent because AI software works in ways that not even its authors understand completely, or predict in all possible cases. See here why this is a really big issues, not just for supply chains, but for every part of a digital society.

There needs to be completely new ways of identifying the presence of such backdoors and better methods of dealing with them. While nothing is being done, know that in the hands of attackers, these exploits present huge opportunities that can fatally harm your company.

Image sources:

Who writes this, why, and how to help

I am Marco Fioretti, tech writer and aspiring polymath doing human-digital research and popularization.
I do it because YOUR civil rights and the quality of YOUR life depend every year more on how software is used AROUND you.

To this end, I have already shared more than a million words on this blog, without any paywall or user tracking, and am sharing the next million through a newsletter, also without any paywall.

The more direct support I get, the more I can continue to inform for free parents, teachers, decision makers, and everybody else who should know more stuff like this. You can support me with paid subscriptions to my newsletter, donations via PayPal (mfioretti@nexaima.net) or LiberaPay, or in any of the other ways listed here.THANKS for your support!