Von der Quelle bis zur Auslieferung: Sichere Software Supply Chains in KI-Projekten

AI projects rarely fail because of the model itself.
They fail because the supply chain around it is weak.

In this session, we show how to secure the entire supply chain of your AI solutions.
From data sources and training pipelines all the way to deployment and operations.

We highlight typical risks such as data poisoning, manipulated models (“PoisonGPT”), strong cloud dependencies, compliance requirements (e.g. GDPR), and IP theft.
Along a concrete value chain, we discuss:

Data Governance & Lifecycle Management
Collection, classification, storage, versioning, and archiving of data.

Secure Training Pipelines
Verified models, hash and signature checks, reproducible MLOps pipelines, isolated environments.

Secure Development for AI
Secure dev workspaces, SBOMs for ML stacks, test setups for agent-based and LLM-driven systems.

You will leave with concrete building blocks and architecture principles.
So you can design AI projects that are secure, auditable, and ready for production.
From first requirement to final delivery.

Session language: German

Target audience:
- Cloud and software architects
- Security and compliance leads
- Data & AI engineers / MLOps engineers

Technical level: 200 – architecture and process focused.

Format & duration (flexible):

25 minutes talk + 10–15 minutes Q&A

Speakers:
Rico Komenda, Senior Consultant, adesso SE
Marc Iridon, Senior Consultant, adesso SE

Requirements / setup:
Projector or large screen (HDMI input)
Audio output for short demo or video snippets (optional)

Special notes:
Product neutral, but with examples from the Microsoft ecosystem (e.g. Responsible AI, cloud security services).

Focus on pragmatic measures you can implement in existing cloud and enterprise environments.

In a nutshell:
An end-to-end view on securing AI supply chains.
With clear, practical patterns for data, training, development, and operations.

Flexible by Design: How to Make IAM Projects Adapt to Change

Most IAM and IGA projects don’t fail because of technology.
They struggle because the project and the solution are too rigid for a business that changes every quarter.

In this session, we look at how to build flexibility into Identity & Access Management from day one.
We combine project best practices with real-world lessons from IGA platforms like Omada and cloud services such as Microsoft Entra.

We’ll walk through:

From rigid roadmap to adaptive delivery
How to structure IAM projects in phases, handle changing requirements, and still keep control over scope, budget, and quality.

Designing flexible IAM & IGA architectures
Patterns for roles, policies, workflows, and connectors that survive M&A, org changes, cloud migrations, and new regulations without constant rework.

Governance without paralysis
How to balance control and speed: who decides, who approves, and how to avoid “design by committee” in IAM.

Lessons learned from the field
Concrete examples of what worked (and what didn’t) in real IAM and IGA programs, including takeaways inspired by initiatives like Project BlackCat.

You will leave with a playbook of principles, patterns, and guardrails.
So your IAM projects stay flexible – even when your business does not.

Session language: German

Target audience:
- IAM / IGA project leads and program managers
- Identity architects and cloud/security architects
- CISOs, security leads, and platform owners for Entra / IGA

Technical level: 200

Format & duration (flexible):
35–45 minutes talk
10–15 minutes Q&A / discussion

Speakers (example):
Marc Iridon, Senior Consultant Identity & Security, adesso SE
Thomas Müller-Martin, [role], Omada (co-speaker / vendor perspective)

Requirements / setup:
Projector or large screen (HDMI)
Audio optional (for short demo clips, if allowed)

Special notes:
Product-neutral principles, with practical examples from Omada IGA and Microsoft Entra.
Focus on actionable patterns and project practices rather than marketing slides.

Von der Quelle bis zur Auslieferung: Sichere Software Supply Chains in KI-Projekten​

Der Einsatz von Künstlicher Intelligenz (KI) verändert nicht nur Anwendungen, sondern die gesamte Softwareentwicklungs-Pipeline. Damit entstehen neue Risiken entlang der Lieferkette: vom generierten Code über externe KI-Modelle bis hin zur Integration in produktive Systeme. Viele dieser Komponenten – etwa Modellzoos oder Trainingsdaten sind intransparent, schwer überprüfbar und bieten potenzielle Einfallstore für Angriffe.

Dieser Beitrag beleuchtet die komplette Supply Chain von KI-Projekten mit einem besonderen Fokus auf Sicherheitsrisiken jenseits des klassischen Codes. Thematisiert werden unter anderem Modellintegrität, Herkunftsnachweise (Provenance), abgesicherte Entwicklungsprozesse sowie Schutzmaßnahmen gegen Supply-Chain-Angriffe.

Durch die Kombination regulatorischer Perspektiven (Rico Komenda) mit tiefem technischem Know-how im Bereich Cloud- und Identitätssicherheit (Marc Iridon) zeigt der Beitrag anhand konkreter Praxis- und Forschungsbeispiele, wie Organisationen KI-getriebene Systeme sicher entwickeln und betreiben können. Im Fokus stehen praxistaugliche Strategien zur Absicherung entlang der gesamten KI-Wertschöpfungskette – von der Modellintegrität über Herkunftsnachweise bis hin zu Microsoft-basierten Schutzmechanismen für produktive, oft sicherheitskritische Umgebungen.