ChannelLife New Zealand - Industry insider news for technology resellers

AI-driven platforms & software supply chains heighten cyber risk

Mon, 29th Sep 2025

Organisations across the globe are facing increased scrutiny over their cybersecurity practices as new vulnerabilities emerge in AI-driven platforms and complex software supply chains. Cybersecurity Awareness Month, which starts this week, is a good time to surface some expert advice.

Security researchers have recently identified a vulnerability in Salesforce's Agentforce AI platform that could potentially expose CRM data to unauthorised access. The issue highlights mounting concerns surrounding generative AI, especially its ability to accurately distinguish instructions from input data, a limitation affecting numerous AI agent platforms.

AI agents and inherent risks

Brian Soby, Chief Technology Officer and co-founder at AppOmni, weighed in on the risks posed by current generative AI models. Soby noted that, "The current state of generative AI is that models are unable to securely distinguish instructions from data. We see this same class of problem in every AI agent platform." Referring to recent research and industry events, he added, "We saw similar findings recently at DEFCON and AppOmni researchers have found additional exploitable scenarios on other SaaS agent platforms."

Soby advised organisations to focus security efforts on understanding the capabilities and potential impact of AI agents within IT environments. Cautioning that agents can be manipulated to perform harmful actions, he said, "Organisations should consider the capabilities and blast radius of agents as the primary indicator of risk. It's inevitable: Agents can and will be tricked to exercise those capabilities in unwanted ways." He also recommended investment in continuous monitoring to detect risky or malicious behaviours by AI-driven systems.

Visibility and governance challenges

The proliferation of AI across business functions also brings challenges related to network visibility and governance. Chaim Mazal, Chief Security Officer at Gigamon, emphasised the dual need for real-time oversight and structured adoption policies for AI within the enterprise. "As adversaries weaponise AI to evade detection, security leaders must respond with equal force. The priority now is twofold: to gain real-time visibility into the growing volume of AI-driven network traffic and to establish clear governance over how AI is adopted within the enterprise," Mazal commented.

"Many are now turning to packet-level data paired with metadata as the foundation for restoring visibility, strengthening defences, and ensuring AI tools operate on trusted information. This month is a reminder that the role of security leaders has shifted. We are now responsible for both defending against AI threats and guiding its safe, strategic use across the business."

With increasing demands on CISOs due to hybrid cloud complexities and rapidly expanding data volumes, organisations are seeking new strategies and tools to re-establish robust defensive postures in the face of evolving threats.

Sector-specific impacts in financial services

The importance of comprehensive cybersecurity frameworks is also evident in the financial sector, where data protection is tightly regulated and reputational risk is high. Peter Waring, Chief Technology Officer at JAVLN, likened robust security practices to closing the barn door before the horse bolts. "A single breach can damage reputation, disrupt operations, and attract regulatory penalties. The real benefit of a secure, cloud-based SaaS platform is that it keeps pace with evolving threats for you. Brokers don't need to be cyber experts; controls like multi-factor authentication, daily backups, and system patching are built in. That way, businesses can focus on clients, knowing the security side is taken care of," he said.

Software supply chain vulnerabilities

As digital transformation accelerates, attackers are increasingly targeting the software supply chain. Recent incidents, such as the Shai-Hulud vulnerability, have underscored the need for built-in software integrity and heightened vigilance throughout development and operations. Itzik Swissa, Senior Director and Country Manager ANZ at JFrog, reiterated the necessity for cultural and procedural shifts in security practices: "Cybersecurity no longer lies with just the CISO. By equipping developers and operations teams with the right tools and training, organisations foster a culture where secure software is second nature." For Swissa, integrating security early on ("shift-left" security) by scanning open-source code and enforcing automated policies is crucial for trustworthy software delivery.

Sunny Rao, Senior Vice President of APAC at JFrog, pointed to the increased attack surface arising from the use of multiple, fragmented security tools. "In Asia Pacific's dynamic and highly regulated markets, software supply chains have become both more complex and more exposed. Fragmented security practices - where 70% of organizations rely on seven or more tools, with more than half on more than ten - create blind spots that attackers can exploit. The rise of AI-driven and autonomous tools only amplifies this risk." The Shai-Hulud incident offers a case in point, demonstrating how automation-based exploits can propagate rapidly and cause widespread damage.

Rao advocated for policy-driven controls and a unified approach: "Software supply chain security is no longer an IT issue; it is a strategic business imperative. For APAC enterprises, where compliance and data sovereignty are non-negotiable, resilience depends on policy-driven controls at the point of entry and a single source of truth across the ecosystem." Ensuring provenance and auditability at every stage, he maintained, is essential for verifiably secure and compliant releases.

Focus on strategic resilience

The convergence of AI, SaaS, and supply chain complexity is driving a new risk landscape that requires cross-functional awareness and action. Specialists across the cybersecurity domain agree that enduring resilience will come from embedding security throughout technology environments, whether for AI agents, network infrastructure, or software code.
