Garth Mollet, Senior Principal Product Security Engineer and Technical Advisor for Product Security at Red Hat, joins host Robert Blumen for a discussion of AI supply chain security. They start with the basics of supply chain security, including the key components of the AI supply chain, and how it differs from the conventional software supply chain. Garth discusses whether the attacks target model weights or inference, and describes the most common attacks and what’s in it for the attacker, whether exfiltration, credentials, sabotage, or resources. The episode also considers SPIFFE, SPIRE, attestation, workload identity, and whether AI has the equivalent of “reproducible builds.”
Brought to you by IEEE Computer Society and IEEE Software magazine.
Show Notes
Related Episodes
- SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks
- SE Radio 575: Nir Valtman on Pipelineless Security
- SE Radio 541: Jordan Harband and Donald Fischer on Securing the Supply Chain
- SE Radio 535: Dan Lorenc on Supply Chain Attacks
- SE Radio 630: Luis Rodriguez on the SSH Backdoor Attack
AI/ML Security
- SE Radio 680: Luke Hinds on Privacy and Security of AI Coding Assistants
- SE Radio 395: Katharine Jarmul on Security and Privacy in Machine Learning
Container Security



