Webinar Description
Key Takeaways
- Examines how artificial intelligence tools and infrastructure are creating new attack surfaces within software supply chains
- Features original research into security vulnerabilities within the Model Context Protocol ecosystem
- Addresses the limitations of traditional security programmes when applied to AI-driven development environments
- Designed for CISOs, application security teams, DevSecOps practitioners and security researchers
- Combines threat landscape analysis with practical guidance on adapting security strategies
Introduction
The rapid integration of artificial intelligence into software development workflows has fundamentally altered the security landscape for organisations managing complex supply chains. This virtual webinar, titled “How AI Is Reshaping Supply Chain Security As We Know It,” brings together security researchers and practitioners to examine the emerging threat vectors that accompany AI adoption. Hosted by OX Security, the session addresses a critical gap in contemporary security programmes: the inability of traditional approaches to adequately protect against risks introduced by AI tools, models and supporting infrastructure.
The timing of this discussion reflects growing industry concern about supply chain vulnerabilities. As organisations increasingly rely on AI-powered development tools and integrate machine learning models into their software pipelines, the attack surface has expanded in ways that conventional security frameworks were not designed to address. This webinar provides security leaders with both research-backed insights and actionable strategies for adapting their programmes to this new reality.
About This Event
This virtual webinar brings together OX Security researchers presenting new findings on the AI supply chain threat landscape alongside security leaders sharing operational insights from their own programmes. The format combines research presentations with practical discussion, offering attendees both theoretical understanding and implementation guidance.
The session features perspectives from OX Security’s research team as well as representation from Atlassian, providing viewpoints from both a security vendor and a major enterprise software organisation. This combination allows for examination of threats from multiple angles: the technical vulnerabilities being discovered in the wild and the organisational challenges of securing AI-driven development at scale.
The Expanding Attack Surface in AI-Driven Development
A central theme of the webinar is the recognition that securing source code alone no longer provides adequate protection for modern software supply chains. The proliferation of AI tools throughout the development lifecycle has introduced dependencies and integration points that create novel vulnerability categories. These range from compromised AI models and poisoned training data to insecure connections between AI assistants and development infrastructure.
The session examines how AI tools have become embedded at multiple stages of software creation and deployment. Code generation assistants, automated testing frameworks, and AI-powered security scanning tools each introduce their own trust relationships and potential failure points. When these tools connect to external services, access sensitive codebases, or make automated decisions about code changes, they create pathways that adversaries can potentially exploit.
Traditional supply chain security has focused primarily on dependency management, ensuring that third-party libraries and components are free from known vulnerabilities. While this remains important, the AI era demands a broader perspective that encompasses the tools used to write, test and deploy code, not merely the code itself.
Research Focus: Model Context Protocol Security
A significant portion of the webinar presents OX Security’s research into the Model Context Protocol ecosystem. MCP has emerged as a standard for connecting AI assistants to external tools and data sources, enabling large language models to interact with development environments, databases and other systems. This capability, while powerful, introduces security considerations that many organisations have yet to fully address.
The research findings explore vulnerabilities within the MCP ecosystem, examining how the protocol’s design and implementation can create opportunities for malicious actors. As AI assistants gain the ability to execute actions within development environments rather than simply generating text, the consequences of security failures become more severe. A compromised MCP connection could potentially allow unauthorised access to source code repositories, deployment pipelines or production systems.
Understanding these risks is particularly relevant for organisations that have adopted or are considering AI coding assistants with tool-use capabilities. The research presented in this session provides concrete examples of threat scenarios rather than abstract possibilities.
Adapting Security Programmes for AI Integration
Beyond threat identification, the webinar addresses the practical challenge of evolving security programmes to account for AI-related risks. Many organisations have mature application security practices built around static analysis, software composition analysis, dynamic testing and container security. The question facing security leaders is how to extend these capabilities to cover AI tools and infrastructure without creating entirely parallel programmes.
The session explores approaches to integrating AI security considerations into existing DevSecOps workflows. This includes evaluating AI tools before adoption, monitoring their behaviour during use, and establishing governance frameworks that balance developer productivity with security requirements. The goal is not to prevent AI adoption but to enable it safely.
Security leaders from practitioner organisations share their experiences adapting to this landscape, offering insights into what has worked within their own environments. These real-world perspectives complement the research findings by demonstrating how theoretical risks translate into operational security decisions.
Who Should Attend
This webinar is designed for security professionals responsible for protecting software development environments and supply chains. The content is particularly relevant for:
- CISOs and security leaders seeking to understand emerging risks and allocate resources appropriately
- Application security teams responsible for securing development pipelines and tooling
- DevSecOps practitioners integrating security controls into CI/CD workflows
- Security researchers investigating AI-related vulnerabilities and threat vectors
- Field CTOs and technical leaders evaluating AI tool adoption within their organisations
Attendees from enterprise IT departments, software vendors, SaaS providers and organisations with complex software supply chains will find the content directly applicable to their security challenges. The session assumes familiarity with application security fundamentals but does not require deep expertise in artificial intelligence.
The Broader Context of Supply Chain Security
The concerns addressed in this webinar reflect a broader evolution in how the security industry thinks about software supply chains. High-profile incidents over recent years have demonstrated that attackers increasingly target the tools and processes used to build software rather than the software itself. AI integration accelerates this trend by introducing additional layers of complexity and new categories of trusted components.
Regulatory attention to software supply chain security has also intensified, with frameworks and requirements emerging that mandate greater visibility into software composition and development practices. Organisations that proactively address AI-related supply chain risks position themselves to meet both current threats and evolving compliance expectations.
The webinar provides an opportunity to engage with these issues before they become crisis-driven priorities, offering security teams the knowledge needed to make informed decisions about AI adoption and protection strategies.

