y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#supply-chain-risk News & Analysis

23 articles tagged with #supply-chain-risk. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

23 articles
AIBearishCrypto Briefing · Jun 217/10
🧠

Booz Allen warns of sleeper agent risks from Chinese AI models

Booz Allen Hamilton has released a report warning of security vulnerabilities in Chinese AI models that could function as "sleeper agents," potentially compromising global supply chains. The analysis suggests these risks may reshape technology competition and influence regulatory policy worldwide.

Booz Allen warns of sleeper agent risks from Chinese AI models
GeneralBearishCrypto Briefing · Jun 10🔥 8/10
📰

Israeli airstrike hits Sidon port, escalating conflict with Hezbollah

An Israeli airstrike on Sidon port in Lebanon has escalated military tensions with Hezbollah, signaling increased regional instability. The strike undermines diplomatic efforts and raises the probability of sustained conflict, with potential ripple effects across global markets and geopolitical risk premiums.

Israeli airstrike hits Sidon port, escalating conflict with Hezbollah
AIBearisharXiv – CS AI · Jun 107/10
🧠

GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines

Researchers present GitInject, a framework demonstrating prompt injection vulnerabilities in AI-powered CI/CD pipelines used by major tech companies. The study reveals that all tested AI providers are susceptible to attacks that could enable credential theft, code manipulation, and supply chain compromise through GitHub workflows.

AIBearisharXiv – CS AI · Jun 97/10
🧠

AI Code Sandboxes: A Comparative Security Study. Part 1 of 2 -- Engine-Level Properties (Attack Surface, Leakage, Stackability, CVE History, Patch Cadence, Fuzzing)

A peer-reviewed security study comparing five AI code sandbox products across six engine-level metrics reveals significant architectural and operational differences in isolation capabilities. The research identifies critical gaps in fuzzing investment and patch deployment timelines, with downstream lag ranging from same-day to over 471 days, exposing potential vulnerabilities in production AI systems.

AIBearishDecrypt · Jun 67/10
🧠

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Microsoft researchers have identified a critical vulnerability in Claude Code where prompt injection attacks could manipulate AI coding agents into exfiltrating sensitive credentials stored in GitHub and development pipelines. This security flaw highlights systemic risks in deploying AI agents with access to production environments and sensitive infrastructure.

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft
🧠 Claude
AIBearisharXiv – CS AI · Jun 27/10
🧠

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Researchers introduce SkillVetBench, a security benchmark for detecting malicious skills in open agent platforms, addressing supply-chain risks in extensible AI ecosystems. The framework combines semantic analysis of skill specifications with runtime execution monitoring in sandboxes, revealing that static-only defenses miss up to 89% of threats hidden in natural-language instructions and multi-component logic.

AIBearisharXiv – CS AI · May 97/10
🧠

Correct Code, Vulnerable Dependencies: A Large Scale Measurement Study of LLM-Specified Library Versions

A comprehensive measurement study reveals that large language models frequently specify vulnerable and incompatible library versions in generated Python code, with 36.70%-55.70% of tasks containing known CVEs and 62.75%-74.51% rated as Critical or High severity. The research demonstrates this represents a systemic bias across all evaluated models rather than isolated errors, with most CVEs publicly disclosed before the models' knowledge cutoffs.

AIBullishThe Verge – AI · May 17/10
🧠

Pentagon strikes classified AI deals with OpenAI, Google, and Nvidia — but not Anthropic

The Pentagon has announced classified AI agreements with OpenAI, Google, Microsoft, Amazon, Nvidia, xAI, and Reflection, expanding military access to advanced AI tools. Notably, Anthropic was excluded from these deals after being designated a supply-chain risk, marking a significant shift in the Defense Department's AI vendor strategy.

Pentagon strikes classified AI deals with OpenAI, Google, and Nvidia — but not Anthropic
🏢 OpenAI🏢 Anthropic🏢 Nvidia
GeneralBearishCrypto Briefing · Apr 217/10
📰

Taiwan president cancels Africa trip amid Chinese pressure

Taiwan's president canceled an Africa trip due to Chinese diplomatic pressure, demonstrating Beijing's strategy to limit Taiwan's international engagement without military confrontation. The move underscores escalating geopolitical tensions that could affect regional stability and global markets.

Taiwan president cancels Africa trip amid Chinese pressure
AIBearishcrypto.news · Apr 207/10
🧠

NSA taps Anthropic’s Mythos despite Pentagon risk warnings: report

The NSA is reportedly using Anthropic's advanced Mythos Preview AI model despite the Department of Defense previously designating the startup as a 'supply chain risk.' This development highlights tension between U.S. national security agencies over AI procurement and vendor assessment, with implications for how government entities evaluate AI safety and security risks.

NSA taps Anthropic’s Mythos despite Pentagon risk warnings: report
🏢 Anthropic
GeneralBearishCrypto Briefing · Apr 187/10
📰

Iran’s fast-attack boats threaten global oil transit, US officials warn

US officials warn that Iran's fast-attack boats pose a significant threat to global oil transit routes, with potential to destabilize international oil markets and intensify geopolitical tensions. The aggressive naval posturing could create economic ripple effects across energy markets and cryptocurrency markets that track commodity volatility.

Iran’s fast-attack boats threaten global oil transit, US officials warn
AIBearisharXiv – CS AI · Apr 137/10
🧠

BadSkill: Backdoor Attacks on Agent Skills via Model-in-Skill Poisoning

Researchers demonstrate BadSkill, a backdoor attack that exploits AI agent ecosystems by embedding malicious logic in seemingly benign third-party skills. The attack achieves up to 99.5% success rate by poisoning bundled model artifacts to activate hidden payloads when specific trigger conditions are met, revealing a critical supply-chain vulnerability in extensible AI systems.

AIBullishThe Verge – AI · Mar 277/10
🧠

Judge sides with Anthropic to temporarily block the Pentagon’s ban

A federal judge granted Anthropic a preliminary injunction against the Pentagon's blacklisting, ruling that the company was designated as a supply chain risk due to its 'hostile manner through the press.' The injunction temporarily blocks the ban while the lawsuit proceeds, with the judge citing potential First Amendment violations.

Judge sides with Anthropic to temporarily block the Pentagon’s ban
🏢 Anthropic
AIBearishWired – AI · Mar 97/10
🧠

Anthropic Claims Pentagon Feud Could Cost It Billions

AI startup Anthropic claims it faces potential billions in revenue losses after the Trump administration labeled it a supply-chain risk. The designation has reportedly caused companies to pause deal negotiations with the AI company, creating significant business disruption.

Anthropic Claims Pentagon Feud Could Cost It Billions
🏢 Anthropic
AIBearishLast Week in AI · Mar 97/10
🧠

Last Week in AI #337 - Anthropic Risk, QuitGPT, ChatGPT 5.4

The Department of Defense has officially classified Anthropic as a supply chain risk, while a 'cancel ChatGPT' movement is gaining momentum following OpenAI's military partnership announcement. These developments highlight growing tensions around AI companies' government relationships and military applications.

Last Week in AI #337 - Anthropic Risk, QuitGPT, ChatGPT 5.4
🏢 OpenAI🏢 Anthropic🧠 ChatGPT
AIBearishTechCrunch – AI · Mar 67/10
🧠

Anthropic’s Pentagon deal is a cautionary tale for startups chasing federal contracts

The Pentagon designated Anthropic a supply-chain risk after the AI company refused to give the military control over its models for use in autonomous weapons and surveillance, leading to a failed $200 million contract. The DoD subsequently partnered with OpenAI instead, which accepted the terms but faced significant user backlash with ChatGPT uninstalls surging 295%.

🏢 OpenAI🏢 Anthropic🧠 ChatGPT
AIBearishTechCrunch – AI · Mar 67/10
🧠

Anthropic vs. the Pentagon, the SaaSpocalypse, and why competitions is good, actually

The Pentagon designated Anthropic a supply-chain risk after disputes over military control of AI models for weapons and surveillance, leading to a collapsed $200 million contract. The DoD shifted to OpenAI instead, which caused ChatGPT uninstalls to surge 295% following their acceptance of the military partnership.

🏢 OpenAI🏢 Anthropic🧠 ChatGPT
AIBearishTechCrunch – AI · Mar 57/10
🧠

It’s official: The Pentagon has labeled Anthropic a supply chain risk

The Pentagon has officially designated Anthropic as a supply chain risk, marking the first time an American company has received this classification. Despite this designation, the Department of Defense continues to utilize Anthropic's AI technology in Iran operations.

🏢 Anthropic
AIBearishTechCrunch – AI · Feb 277/107
🧠

Pentagon moves to designate Anthropic as a supply-chain risk

The Pentagon is moving to designate Anthropic as a supply-chain risk, with a president stating they will not do business with the AI company again. This represents a significant regulatory action against a major AI company that could impact the broader AI industry.

AIBearishDecrypt – AI · Feb 277/106
🧠

Anthropic Won’t Lift AI Safeguards Amid Ongoing Pentagon Dispute: CEO

Anthropic CEO announced the company will refuse to comply with Defense Department demands to lift AI safeguards, as the Pentagon considers designating Anthropic as a "supply chain risk." This dispute highlights tensions between AI companies maintaining safety protocols and government agencies seeking access to less restricted AI capabilities.

Anthropic Won’t Lift AI Safeguards Amid Ongoing Pentagon Dispute: CEO
AINeutralTechCrunch – AI · Apr 126/10
🧠

Trump officials may be encouraging banks to test Anthropic’s Mythos model

Trump administration officials may be encouraging U.S. banks to test Anthropic's Mythos AI model, creating a notable contradiction given the Department of Defense recently designated Anthropic as a supply-chain risk. This signals potential policy inconsistency regarding AI company security classifications.

🏢 Anthropic