< ciso
brief />
Tag Banner

All news with #model provenance tag

4 articles

How AI Is Rewriting Software Supply Chain Risk

🛡️ Software supply chain security has evolved as AI tools and agents become integral to builds. What used to be a question of third‑party packages and transitive dependencies now includes models, agents, prompts, and autonomous tooling as provenance concerns. Teams must extend lineage to models and pipeline actions, and prioritize findings by actual exploitability to avoid alert overload. The discussion surfaces in a webinar on July 22 covering new research and practical program changes.
read more →

EC2 AMI Watermarks for Provenance and Governance

🔒 Amazon EC2 now supports AMI watermarks that embed custom identifiers into private AMIs and persist through copies and derived AMIs. Watermarks include metadata such as AMI ID, owner ID, region, and timestamps to support provenance and tracking. You can apply watermarks via the AWS Management Console, AWS CLI, SDKs, or EC2 Image Builder. Watermarks integrate with Allowed AMIs and Declarative Policies to enforce AMI usage across organizations.
read more →

CISA's AI SBOM Guidance Expands Supply‑Chain Oversight

🔍 The US Cybersecurity and Infrastructure Security Agency (CISA), working with G7 cyber partners, released supplemental minimum elements for an AI software bill of materials to document models, datasets, software components, providers, licenses, and other dependencies. The guidance extends traditional SBOM concepts into AI and is positioned to support procurement and vendor-risk assessments while remaining non‑exhaustive and non‑mandatory. Security teams should press vendors for model provenance, training and update practices, and runtime controls, but must recognize AI SBOMs provide visibility rather than assurance.
read more →

Cyber Agencies Urge Provenance Standards for Digital Trust

🔎 The UK’s National Cyber Security Centre and Canada’s Centre for Cyber Security (CCCS) have published a report on public content provenance aimed at improving digital trust in the AI era. It examines emerging provenance technologies, including trusted timestamps and cryptographically secured metadata, and identifies interoperability and usability gaps that hinder adoption. The guidance offers practical steps for organisations considering provenance solutions.
read more →