August jobs report, President Biden in Michigan signs executive order promoting labor standards for federally funded projects, Donald Trump speaks to Fraternal Order of Police in North Carolina, Liz Cheney says her father – former Vice President Dick Cheney – will vote for Kamala Harris, interview with C-SPAN’s Westminster Producer Peter Knowles on polling errors ahead of the British election and lessons for the U.S. campaign (28), Ukrainian President Zelensky attends the Ukraine Defense Contact Group meeting in Germany, Turkish American activist has been killed by Israeli forces in the West Bank.
In the South Caucasus, a clash of interests involving Iran, Turkey, and Azerbaijan continues, with Russia aligning itself with Ankara and Baku at the expense of Tehran’s goals.
Turkey and Azerbaijan are pushing to secure control of a key strip of land along Armenia’s southern border with Iran—known as the “Zangezur Corridor”—an extraterritorial route connecting Azerbaijan to Nakhchivan and Turkiye. This corridor would provide Turkey direct access to the Caspian Sea and bolster its influence in the region, raising security concerns. The northern part of Iran is home to Azeri populations, and Tehran fears potential future destabilization by Azerbaijan. Iran has taken these risks seriously, asserting that it is prepared to intervene militarily to prevent such a scenario. As a countermeasure, Tehran is advocating for its own route, passing through Iranian territory.
Russia, increasingly isolated on the world stage, finds itself in need of Ankara’s support—a NATO member—and appears willing to sacrifice Tehran’s interests in this matter.
The Russian Foreign Ministry, through spokeswoman Maria Zakharova, has expressed support for the Turkic project. In response, Mohsen Rezaei, Secretary of Iran’s Supreme Council for Economic Coordination, took to the social media platform X, denouncing the stance of Russian officials regarding the Zangezur passage. Rezaei stated, “The behavior of Russian officials concerning the Zangezur Corridor is utterly unacceptable and clearly contradicts their purported friendly ties and strategic relations with Iran. These ambiguities must be resolved.”
Moscow, meanwhile, has shown little regard for Armenia’s interests, seemingly preparing for the eventual ousting of Prime Minister Nikol Pashinyan and his replacement with a more Russia-aligned figure.
From our perspective, the Russian Foreign Ministry’s statement is not a result of incompetence. Instead, it likely reflects growing frustration within the Kremlin towards Tehran, which is evident in Moscow’s political maneuvers.
We believe this behavior stems from Russia’s expectation that Iran, as a member of the UN Security Council, should show greater flexibility and involvement in Russian-led influence operations in the Middle East—such as escalating tensions with Israel. This is not the first instance where Moscow has taken actions that could be seen as a deliberate affront to Iran’s leadership. The Kremlin likely assumes that Tehran, feeling trapped by its limited options, will ultimately overlook these slights.
Russia’s stance on the Zangezur Corridor involves geopolitical interests in the South Caucasus, is influenced by a range of strategic concerns, and Iran’s interests may not align with Moscow’s broader regional objectives.
1. Russia’s Regional Balancing Act: Russia views the South Caucasus as a critical region for its influence, especially in relation to Armenia and Azerbaijan. Russia traditionally tries to maintain a balance between the two, and backing a transport corridor that connects Azerbaijan to its Nakhchivan exclave through Armenia (the Zangezur Corridor) may benefit Azerbaijan, Turkey, and others, but not Iran.
2. Alignment with Azerbaijan and Turkiye: Azerbaijan and Turkey have strong economic and geopolitical interests in the Zangezur Corridor. Russia’s relations with Turkiye, especially in balancing NATO’s influence, and its role as a mediator between Armenia and Azerbaijan, could explain why it might prioritize the corridor despite Iranian concerns. Turkey’s growing influence in the region serves as both a rival and a partner for Russia, especially considering energy routes and military presence.
3. Iran’s Concerns: Iran sees the Zangezur Corridor as a potential threat to its influence, since it bypasses Iranian territory and strengthens Azerbaijan’s strategic standing. Tehran is also concerned about increased Turkish influence in the region, which could undermine its interests.
4. Economic and Strategic Interests: The corridor would facilitate easier transit for energy and trade between Azerbaijan and Turkey, making it a strategically valuable route. Russia, seeing an opportunity for economic gain and to strengthen ties with both Azerbaijan and Turkiye, might be less inclined to prioritize Iran’s interests.
Ultimately, Russia’s decision to seemingly disregard Iran’s concerns may be a calculated geopolitical move to strengthen its own influence in the South Caucasus, maintain ties with Turkiye, and secure its role as a dominant player in regional politics.
With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.
Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.
No matter whether you use mainstream AI solutions, integrate them into your existing tech stacks via application programming interfaces (APIs) or even develop your own models from open-source foundation models, the entire AI software supply chain is now squarely in the spotlight of cyberattackers.
Poisoning open-source data sets
Open-source components play a critical role in the AI supply chain. Only the largest enterprises have access to the vast amounts of data needed to train a model from scratch, so they have to rely heavily on open-source data sets like LAION 5B or Common Corpus. The sheer size of these data sets also means it’s extremely difficult to maintain data quality and compliance with copyright and privacy laws. By contrast, many mainstream generative AI models like ChatGPT are black boxes in that they use their own curated data sets. This comes with its own set of security challenges.
Verticalized and proprietary models may refine open-source foundation models with additional training using their own data sets. For example, a company developing a next-generation customer service chatbot might use its previous customer communications records to create a model tailored to their specific needs. Such data has long been a target for cyber criminals, but the meteoric rise of generative AI has made it all the more attractive to nefarious actors.
By targeting these data sets, cyber criminals can poison them with misinformation or malicious code and data. Then, once that compromised information enters the AI model training process, we start to see a ripple effect spanning the entire AI software lifecycle. It can take thousands of hours and a vast amount of computing power to train a large language model (LLM). It’s an enormously costly endeavor, both financially and environmentally. However, if the data sets used in the training have been compromised, chances are the whole process has to start from scratch.
Most AI software supply chain attacks take place through backdoor tampering methods like those mentioned above. However, that’s certainly not the only way, especially as cyberattacks targeting AI systems become increasingly widespread and sophisticated. Another method is the flood attack, where attackers send huge amounts of non-malicious information through an AI system in an attempt to cover up something else — such as a piece of malicious code.
We’re also seeing a rise in attacks against APIs, especially those lacking robust authentication procedures. APIs are essential for integrating AI into the myriad functions businesses now use it for, and while it’s often assumed that API security is on the solution vendor, in reality, it’s very much a shared responsibility.
Recent examples of AI API attacks include the ZenML compromise or the Nvidia AI Platform vulnerability. While both have been addressed by their respective vendors, more will follow as cyber criminals expand and diversify attacks against software supply chains.
Safeguarding your AI projects
None of this should be taken as a warning to stay away from AI. After all, you wouldn’t stop using email because of the risk of phishing scams. What these developments do mean is that AI is now the new frontier in cyber crime, and security must be hard-baked into everything you do when developing, deploying, using and maintaining AI-powered technologies — whether they’re your own or provided by a third-party vendor.
To do that, businesses need complete traceability for all components used in AI development. They also need full explainability and verification for every AI-generated output. You can’t do that without keeping humans in the loop and putting security at the forefront of your strategy. If, however, you view AI solely as a way to save time and cut costs by laying off workers, with little regard for the consequences, then it’s just a matter of time before disaster strikes.
AI-powered security solutions also play a critical role in countering the threats. They’re not a replacement for talented security analysts but a powerful augmentation that helps them do what they do best on a scale that would otherwise be impossible to achieve.
