In this article, Dr. Jeanine Johnson explains how AI agents can invoke CI/CD pipelines, sign firmware, and modify infrastructure, increasing the gap between capability and control and creating a new type of supply chain risk. Each step in a prompt-injection-to-signed-artifact attack chain has already been demonstrated independently, and a valid firmware signature no longer indicates a safe artifact but rather a potentially compromised one that is shipped with “full trust”. The remedy: the Agentic Policy & Execution Layer (APEX) for device trust.

The automotive industry's rush toward software-defined vehicles is quietly creating a firmware signing crisis. Modern vehicles can contain hundreds of discrete firmware artifacts, yet most OEMs lack the infrastructure to keep up with rising rate of cyber attacks and tightening regulations, effectively turning a technical gap into a market-access risk.

The EU Cyber Resilience Act enforcement deadline is approaching. The U.S. Cyber Trust Mark is required by the end of the year to remain on federal procurement lists. Device manufacturers that have not begun compliance work are behind timelines required for product certification.

A multitude of recent technological breakthroughs is moving Quantum computing from theory to reality, placing Q-Day on an accelerated timeline. This article discusses the security implications for connected devices.