Supply Chain Cybersecurity Incidents Rise as AI Expands Attack Surfaces

Third-party involvement in data breaches doubled to 30 percent in the 2025 Verizon Data Breach Investigations Report. Over 70 percent of organizations reported at least one material third-party cybersecurity incident in the past year, according to the 2025 Supply Chain Cybersecurity Trends Report from SecurityScorecard. 5 percent increase from the prior year.

Supply chains span multiple continents, jurisdictions, and third-party vendors, creating numerous potential entry points through legacy systems, unvetted code, IoT devices, and 5G connections. Attackers use AI to automate reconnaissance, generate polymorphic malware, and launch personalized phishing campaigns.

Adversaries also apply adversarial inputs, model poisoning, and prompt-injection techniques against AI systems themselves. Compromised AI tools in logistics or manufacturing software can alter data, disrupt operations, or enable intellectual property theft.

The same tools may decrypt sensitive transaction records, increasing exposure to future quantum-computing threats.

Organizations are advised to implement NIST risk frameworks, map supply chains, and require Software Bill of Materials from vendors. Additional steps include micro-segmentation, continuous monitoring, zero-trust architectures, and regular red-team exercises.

Contracts should include security clauses and mandate audits. Board-level oversight and public-private partnerships remain central to resilience efforts. Initiatives such as CISA programs and executive orders on ICT supply chains are cited as ongoing coordination mechanisms.

Leaders are encouraged to treat cybersecurity as a strategic function rather than a cost center.