The Unlocked Door: AI Security and the Basics Your Company Is Probably Missing

Season 1 Episode 17 Published 2 months, 3 weeks ago
Description

A special weekend edition on AI security. This week's news exposed critical vulnerabilities in the platforms powering your AI stack, revealed that two-thirds of security leaders cannot see their own AI deployments, and delivered formal guidance from the NSA on AI supply chain risks. We break down what happened and give you a five-step playbook you can act on Monday.

Stories covered:

  1. Critical AI Platform Vulnerabilities — Security researchers disclosed serious flaws in Amazon Bedrock, LangSmith, and SGLang. Severity ratings up to 9.8 out of 10. Langflow was exploited in the wild within 20 hours of disclosure. Amazon called one vulnerability "intended functionality."
  2. 67% of CISOs Cannot See Their Own AI — Pentera's 2026 CISO survey found zero percent of organizations have full visibility into where AI is running. Meanwhile, 80% of workers are using unauthorized AI tools, and one-third are sharing proprietary data with unsanctioned services.
  3. NSA AI Supply Chain Guidance — The Five Eyes intelligence alliance released formal guidance on AI supply chain security, naming specific attack vectors: data poisoning, hidden backdoors, model manipulation, and evasion attacks. This is now the baseline standard for due diligence.
  4. AI Agents Have Too Much Access — Over half of deployed AI agents operate without consistent security oversight. Only 29% of organizations have formal AI agent governance policies. NVIDIA launched OpenShell at GTC to address the agent trust problem with kernel-level security enforcement.

The five-step playbook: Know what is running. Treat AI platforms like vendors. Enforce least privilege for AI agents. Keep sensitive data out of consumer AI tools. Log everything.

Hosted by Stephen Forte, Founder of BuildClub. Brought to you by the YPO Technology Network.
