In this episode of Tech Talks Daily, I welcome back Haydn Brooks, CEO and founder of Risk Ledger, to discuss why supply chain security has moved from an IT concern to a boardroom and government priority. As organizations race to adopt AI, connect more systems, and depend on increasingly complex ecosystems of vendors, partners, cloud providers, and third-party services, the attack surface continues to expand in ways many businesses still struggle to understand.
Haydn explains why supply chains remain one of the largest blind spots in cybersecurity, despite years of warnings and a growing list of high-profile incidents. We explore how attackers increasingly target smaller suppliers that lack the resources and expertise of larger enterprises, using them as stepping stones to reach critical infrastructure, government agencies, and major corporations.
The conversation also examines how AI is reshaping the risk equation. As organizations rapidly integrate AI tools, APIs, and third-party models into existing technology stacks, many are creating new forms of concentration risk. What happens when multiple services rely on the same AI provider? And how can businesses maintain visibility over technology dependencies that are constantly evolving?
Haydn shares his perspective on why collaboration and information sharing have become far more common across the cybersecurity community, and why security leaders are beginning to recognize that defending against modern threats requires collective action rather than isolated efforts. We also discuss accountability, resilience, and why organizations must move beyond simply identifying risk and develop the ability to understand the impact of incidents when they occur.
Along the way, Haydn offers practical advice for security leaders, explains why now is the time to reassess supply chain security strategies, and shares insights into Risk Ledger's international expansion as the company grows its presence in the United States.
As AI accelerates innovation and organizations become increasingly interconnected, are businesses truly prepared for the risks that come with that progress? And could an overlooked supplier become the starting point for the next major cybersecurity crisis?