Cyber risks of AI supply chains: Practical steps for government agencies
This article was originally published by The Mandarin: Cyber risks of AI supply chains: Practical steps for government agencies
Driven by the Australian Government’s National AI Plan 2025, Australian organisations are increasingly empowered to take advantage of the benefits of artificial intelligence (AI), with a view to becoming world leaders by 2030. The National AI Plan sets an economy‑wide vision to invest in “smart infrastructure”, expand the adoption of AI, and keep Australians safe through responsible practices and fit‑for‑purpose guardrails.
As AI tools and applications become commonplace across government, it is important to acknowledge the complex supply chains that sit behind them. These typically include model providers, hosting environments, software libraries, identity and access tooling, data pipelines, integration services, and networks of vendors. Additionally, the substantial computing power demanded by AI is most often delivered through large-scale data centres and cloud infrastructure. While Australia continues to develop and grow sovereign data centre capabilities, the nation’s AI supply chains remain highly reliant on foreign infrastructure. The associated risks of using infrastructure owned and controlled by other nations are further exacerbated by today’s volatile geopolitical environment.
Why foreign infrastructure is hard to manage
Modern AI is dependent on large‑scale computing and cloud infrastructure. In practice, that often means that organisations rely on providers (or provider ecosystems) that are foreign-owned, globally distributed, and operated under varying legal jurisdictions. This can be the case even when contractual arrangements or technical configurations aim to keep specific agency data within Australia.
From a cyber and assurance perspective, foreign infrastructure is not inherently non-compliant. However, using it may result in non-compliance as it can make several risk management tasks more complex, including:
- Visibility: Understanding where data is processed, which entities deliver service components, and how security controls are applied across extended supply chains
- Shared responsibility: Cloud and “as-a-service” AI models divide responsibilities between agency and supplier, creating ambiguity unless clearly documented and tested
- Assurance and sovereignty: Reliance on supplier attestations and third‑party reporting, combined with cross-jurisdictional data access, increases the importance of clear contractual controls, breach notification requirements and incident response obligations.
For these reasons, AI supply chain risk should be treated as an enterprise-level risk management issue, owned by accountable leadership, rather than as a technical ICT concern.
Why AI supply chains are harder to govern
As Australian Government agencies adopt AI capabilities, guided by the AI Plan for the Australian Public Service 2025, they are taking on increasingly complex networks of suppliers and service providers. The sources of AI-related cyber risks are diverse and not always straightforward to identify or manage.
Risks can stem from foreign ownership, the level of access suppliers have to Australian Government data, limited transparency over their security controls, and business or security practices that do not meet government standards.
Adding to this challenge, agencies may not always have visibility of every instance of AI use within their technology environments. As systems become more integrated and augmented with AI functionality, dependencies can be opaque. AI capabilities may be embedded within platforms, services or contractual terms rather than deployed as standalone tools, making governance more difficult.
Existing security frameworks support AI supply chain risk management
The Australian Cyber Security Centre has published guidance on AI supply chains, highlighting challenges such as end-to-end visibility and clearly defining cyber security responsibilities between entities and suppliers. Agencies best equipped to manage these risks are those that apply existing government security frameworks effectively.
For Australian Government agencies, the Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and the Essential Eight provide a strong foundation for governing AI supply chains when applied in a coordinated and risk-based manner.
PSPF: Accountability and enterprise-wide governance
The PSPF raises AI supply chain risk from a technical issue to an enterprise security priority, reinforcing that accountable authorities retain responsibility for third-party risks. It supports agencies to embed AI supply chain risk in protective security and enterprise risk discussions, assign accountability for key adoption decisions, and integrate procurement, contracting, cyber and assurance functions as services evolve.
Recent PSPF policy advisories further guide agencies to consider AI‑related supply chain risks, including requirements to use certified hosting providers or undertake foreign ownership, control or influence (FOCI) assessments where appropriate.
Applying the ISM to AI supply chains
The ISM’s risk‑based approach is well suited to the distributed nature of AI services. In practice, this includes treating AI solutions as information systems, documenting responsibilities in cloud and “as‑a‑service” models and ensuring third-party risks (including model providers and hosting) are identified, assessed and formally accepted where required. This approach supports sustained assurance beyond point-in-time compliance.
Essential Eight as a practical baseline
The Essential Eight remains a pragmatic set of controls to reduce common cyber compromise pathways in AI‑enabled environments. Applied to systems that support AI use, it helps agencies limit the impact of compromised privileged accounts through strong access controls and multi‑factor authentication, reduce the attack surface through patching and application control, and improve resilience through reliable backup and recovery.
AI-specific guidance for Federal Government
Government-issued guidance provides further direction for agencies in mitigating AI supply chain risks. The APS AI Plan mandates that agencies conduct AI impact assessments for all in-scope use cases. These assessments require agencies to consider risks related to privacy, security, harm and public confidence, driving deeper analysis of AI supply chains, dependencies and third‑party arrangements.
Practical checklist: What agencies should ask when adopting or expanding AI
When adopting or scaling AI, agencies can lift quality and reduce risk by embedding a short set of questions into governance, procurement and delivery:
1. Visibility and data handling
- Have AI use cases been effectively identified and assessed, and are existing systems regularly evaluated for new or changed AI interactions?
- Where is data processed, stored and logged across the AI tool, integrations, and supplier ecosystem, and is that consistent with the intended classification/handling requirements?
- Have we mapped the full supply chain, including subcontractors, managed services, plugins, libraries and model providers?
- Are shared cyber security responsibilities clearly documented, understood and tested?
- Do contracts include minimum security expectations, audit or assurance rights, breach notification requirements and clear obligations for subcontractors?
- What privileged access do suppliers need, and how is it controlled, monitored and reviewed?
- Are service accounts, API keys and integration credentials governed to the same standard as other high-risk access pathways?
- How are model updates, platform changes, or new AI features communicated, and how is risk assessed when they occur?
- Are logging and monitoring arrangements sufficient to detect misuse, anomalous access, or data leakage?
- Where risks are accepted, are decisions explicit, time-bound, and paired with a roadmap to improve assurance?
- Is AI supply chain risk reported through appropriate governance forums to ensure leadership visibility and accountability?
Executive focus areas for safe AI deployment
Government agencies are right to focus on productivity and service improvements through AI. However, scaling AI safely depends on recognising that significant risks sit in supply chains, dependencies and third-party arrangements that are not always visible.
Agencies that manage AI supply chain cyber risk most effectively tend to do three things well: explain foreign infrastructure reliance and its implications in clear operational terms; use ISM and PSPF to drive governance, evidence and accountability; and apply Essential Eight pragmatically to reduce the most likely compromise pathways.
How BDO can help
BDO’s risk advisory and cyber security teams work with government agencies to translate AI policy intent into practical and auditable implementation. This includes assessing AI supply chain risk, strengthening cyber governance arrangements, and integrating AI adoption with existing ISM, PSPF and Essential Eight obligations.
Connect with our team for guidance on managing AI supply chain risks while enabling confident and compliant adoption across government.

