AI brings new cyber risks

A new industry benchmark from the Retail & Hospitality Information Sharing and Analysis Center and IANS surveyed just over 200 chief information security officers and found that seven in ten said artificial intelligence had been added to their responsibilities in the last year. (prnewswire.com) Those security leaders reported only a modest rise in security spending — security budgets moved from about 0.57% to 0.75% of revenue — even as their remit expanded to include company-wide AI oversight and product security. (hospitalitynet.org) (prnewswire.com) Security publications say attackers are increasingly aiming at the software and data supply lines that hotels depend on — a supply chain attack is when an adversary compromises a vendor, shared software component, or third-party service in order to reach many customers downstream. (techradar.com 1) (techradar.com 2) Those attacks take a few repeatable forms: poisoning training data (adding bad or misleading examples so an AI gives wrong outputs), inserting malicious code into shared software packages that platforms load automatically, or slipping backdoors into vendor updates or models so the attacker can extract data or change automated decisions later. (datadoghq.com) (ibm.com) Because hotels are automating procurement workflows and centralizing inventory and guest-personalization services, those automation layers create additional integrations and third-party dependencies — for example, supplier price feeds, automated reorder signals, and reservation or property-management plugins that connect to a central inventory engine. (kcprofessional.com) (techradar.com) The benchmark report notes security teams are responding by folding AI governance, vendor product security checks, and supplier risk assessments into operational planning — in other words, security is being treated as a business-operational function rather than only an IT task. (prnewswire.com)