Skip to main content

Supply chain threats demand industrywide approach to AI

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


As the world becomes increasingly reliant on technology, organizations have to consider the growing threats to their supply chain. Goldman Sachs principal engineer Michael Mattioli and AMD CTO Mark Papermaster spoke about this issue at VentureBeat’s virtual Transform 2021 conference last week. They stressed that this is not a problem any single company can solve alone — changing the ecosystem will require industrywide collaboration.

The supply chain is “remarkably complex,” Mattioli said, as it goes all the way back to the design of the chip or board, which is then sent to the foundry to be manufactured. Depending on the type of component, it may pass through a series of manufacturers before it reaches an OEM like Dell, HP, or Lenovo; a reseller like CDW; or a retailer like Best Buy. After all this, it’s finally shipped to the end user. Along each step of the way, the piece is handled by different companies and modes of transport (ship, truck, etc). That leaves a lot of different points where a malicious actor could sneak in a change or tamper with a step.

“People are motivated in a variety of different ways to do something malicious. It could be counterfeiting so that they could make money. It could be espionage so that they could steal data,” Mattioli said.

The idea that there may be a counterfeit or tampered-with component is a worrying one. Organizations don’t want to have a product that is performing less efficiently or is less capable than it should be, which can have an impact on how long the product lasts before breaking or how long it takes to complete jobs. Even worse, such a device can no longer be trusted and may be stealing data or performing actions the user is not aware of.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

Different companies have built tools to tackle their part of the supply chain, like AMD, which has some technologies in place to detect whether chips have been tampered with or a counterfeit component is being used. But at this time, there’s really nothing that can detect or deter supply chain threats end-to-end, Papermaster said. Even Apple and Amazon, despite their clout, do not have full control over their supply chains.

Papermaster said the big question is “Are we doing enough as an industry? [Regarding] that web of the supply chain, how do we collaborate more?”

Working together

The only way companies are going to get a better grasp of the supply chain is through industrywide and ecosystem-wide participation and cooperation, Papermaster and Mattioli reiterated. Goldman Sachs and AMD recently joined the Trusted Computing Group and the Global Semiconductor Alliance to encourage industry collaboration. The relationship is a technical one to develop open standards, create interoperable technology, and share build processes in order to ensure nothing has been tampered with. It is also a business relationship, as these companies have to figure out how best to work together on a shared goal.

Artificial intelligence and machine learning can help tackle one of the technical challenges using a technique called fingerprinting, Mattioli said. This method uses the specific information about a piece of hardware — such as voltage, temperature, and frequency, which can be found with hardware performance counters — to create a unique profile of a product that can be tracked throughout its entire lifecycle. “If you did that with all the components on the board, not only can you get a fingerprint of just that one component, but you can get a fingerprint of every other component and then the whole board itself and then the whole system itself,” Mattioli explained. If companies can agree on how to share the data that creates that fingerprint, authenticity can be confirmed at every step of the supply chain using AI.

Fingerprinting would also be useful for detecting counterfeit products since the technique doesn’t require visual inspection. Counterfeit products are sophisticated enough that they are becoming increasingly difficult to visually identify as fake. In some cases, an X-ray would be needed to identify the component, but that is a time-consuming process and not always available. Being able to use fingerprinting to check for counterfeiting “saves a lot of headache and frustration,” Mattioli said.

Papermaster noted that although AI and ML can be helpful tools, the success of technological security ultimately hinges on the cooperation between companies. “[It’s] an incredibly exciting area, and lots more innovation [is coming] in this space, with the industry collaborating together and leveraging these AI techniques,” Papermaster said.

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.