About This Session
With the AI revolution at full speed and geopolitics increasingly fragmented, organizations face growing pressure to maintain control of their AI software supply chain. This talk explores what “sovereignty” means in the context of modern AI usage, where dependencies are mostly open source, can span hundreds if not thousands of upstream projects or services, and are frequently governed, often covertly, by US-based, venture-backed companies with an end game to lock in and then exploit their unsuspecting customers. Risk patterns will be discussed, including prototypical examples, illustrated by recent case studies: hyperscaler takeovers of open source, such as of Red Hat Linux (now an IBM subsidiary); radical license shifts, such as for MinIO, the S3 library; service license risks, such as the “auto-accept” terms and conditions of Anaconda Inc services; and common pitfalls arising from multiple applicable licenses when using large language model packages. We will also discuss common misconceptions – and concomitant pitfalls – in the AI space: for instance, considering only the “model” supply chain – the data-weights-inference pipeline – and not the supply chain of software packages or services; or looking only at the licenses of a supply chain element and not its governance or ownership – the key risk factor for a change of license or of usage conditions. The presentation will be complemented by advice for decoding (and countering) common lobbyist or vendor speak, which often intentionally pushes misconceptions and common confusions onto decision makers. Attendees will leave with new insights about, and an actionable framework for, evaluating the trustworthiness and sovereignty of their AI software supply chains, to ensure their software remains secure, auditable, under their control, and/or Europe-based.
Topics
- Open Source
- Product Strategy
- Reliability