Attacks from Wonderland: XZ, Model Poisoning, and Reflections on Trust

Why is a raven like a writing desk? Carroll’s famous riddle may have no answer, but this talk will provide parallels between equally distinct concepts in software security. We’ll explore connections between classic compiler attacks, the XZ attack, and the AI threat landscape. A critical part of defending against these attacks is maintaining knowledge about software and model identity and provenance. Come hear how SBOMs and AI-BOMs are emerging as a core technology to improve software transparency and combat these new threat types.