third-party risk
7 posts
Alibaba moves to ban Claude Code over backdoor risk
A reported ban on a widely-used AI development tool reframes third-party AI access as a board-level exposure most organizations have not measured.
Your three memory vendors are one vendor
A US lawsuit alleging memory price fixing by Samsung, SK Hynix, and Micron exposes an unverified control: supplier independence assumed, never validated.
No one hacked the NSA
The NSA's Mythos access loss wasn't a breach - it was a control-plane revocation by a third party. A supply chain availability failure with no patch.
What a tool does never made it safe
When ownership of an integrated, data-access tool changes, existing access persists under a new identity unless it is revoked and re-issued.
The storefront went dark by sundown
A merchandise site linked to Kash Patel went dark after allegedly serving malware. Operator breakdown of the control gaps that made takedown the only response.
FaceTec stores non-rotatable identity material
A senior operator's position on the storage of non-rotatable biometric templates by ID verification vendors, and the exposure that condition creates.
Losing your domain isn't a technical incident.
A domain transfer executed without documentation reframes the registrar as a third-party control surface the board does not directly enforce.