Title of the Talk
Securing the Intelligent Software Supply Chain: Vulnerability Detection and Exploit Pathways in AI-Integrated Systems
Abstract
According to IBM’s 2024 Cost of a Data Breach Report, the majority of data breaches now involve components within the software supply chain, with the average cost per incident reaching millions of dollars. As artificial intelligence (AI) becomes increasingly integrated into development and deployment pipelines, traditional software supply chain risks are being compounded by AI-specific vulnerabilities such as model poisoning, dependency confusion, and data lineage compromise. This session presents a comprehensive research framework for securing the AI-integrated software supply chain, emphasizing proactive vulnerability detection and exploit pathway analysis. The proposed framework combines software composition analysis (SCA), dependency graph mining, and machine learning-based anomaly detection to automate the discovery of exploit vectors across source code, model artifacts, and third-party dependencies. It also incorporates attack graph generation and simulation-based exploit modeling to trace complex, multi-hop attack propagation through CI/CD pipelines, containerized deployments, and hybrid cloud orchestration systems. Empirical validation conducted in enterprise-scale environments, covering tens of thousands of open-source dependencies and numerous AI service integrations, demonstrates the framework’s effectiveness in identifying multi-stage supply chain exploits and significantly improving detection speed compared to conventional SCA tools. By unifying traditional software assurance with AI model risk analytics, this work establishes a scalable approach to continuous vulnerability discovery, threat propagation assessment, and resilience engineering in intelligent software ecosystems.
Brief Profile
Rajyavardhan Handa is a Senior Cybersecurity Engineer with over a decade of experience across AI/ML, application, and cloud security. He has led enterprise security initiatives focused on strengthening compliance, reducing risk, and improving system resilience. At Workday, he has contributed to enterprise penetration testing and security programs supporting FedRAMP authorization and large-scale AI platform security. He has also worked on AI security practices aimed at addressing emerging risks in intelligent systems. Previously, he held roles at Salesforce, Walmart, and Ernst & Young (EY), working on cloud security, compliance frameworks, and large-scale identity and risk management systems across global organizations. He holds a Master’s degree in Computer Science from Rutgers University and is certified as CISSP, CISA, and AWS Cloud Practitioner.
