The AI supply chain is a software supply chain with new failure modes The AI supply chain introduces new failure modes where data poisoning and model tampering produce wrong predictions indistinguishable from correct ones, requiring the same signature-and-lineage treatment for datasets and model registries as for container images. Experts argue that securing model artifacts is not separate from securing CI pipelines, and teams must attest artifacts and alert on absence to treat trust boundaries as first-class deploy units. Lede Today's sources converge on a single pattern: the failure modes of streaming data systems and supply-chain security are structurally identical — both are dwell-time problems where silence reads as success. Whether the rot enters through a poisoned Grafana plugin, a stale batch artifact, or a Server-Timing header leaking topology, the fix in Data Engineering, System Design, Cloud & Infrastructure, and Security is the same: attest the artifact, alert on absence, and treat the trust boundary as a first-class deploy unit. 7 Domains AI / ML — The AI supply chain is a software supply chain with new failure modes Securing model artifacts is not a separate discipline from securing containers and CI pipelines; the trust boundary just moved upstream to datasets, feature stores, and model registries. Data poisoning and model tampering produce wrong predictions that look identical to correct ones — the detection problem is the same as detecting a silently stale batch. "An attacker can corrupt the data to manipulate the output for any model. And if your business rely in prediction and EI wrong outputs mean wrong decision." — Source 27 — Vault for AI supply chain For teams shipping inference on shared GPU pools, every training dataset and adapter needs the same signature-and-lineage treatment as a container image — not a separate ML governance track. Web Performance — Self-hosted third-party JS trades cache wins for a build-time trust boundary Post-cache-partitioning, self-hosting third-party bundles is the correct LCP move, but only if the build pipeline assumes the integrity role the browser used to play via SRI. Pinning exact versions and hashing vendored files in CI converts a runtime guarantee into a build-time one without losing it. "Self-hosting third-party JS for LCP gains is the correct performance move post-cache-partitioning, but it shifts your trust boundary from 'browser verifies integrity at load time' SRI on cross-origin to 'your CI/CD pipeline verifies integrity at build time.'" For a staff-plus engineer building observability on a checkout-driven stack, ship a CI step today that diffs every vendored bundle against upstream hash before the LCP optimization lands. System Design — Circuit breakers must fail in the direction that preserves correctness, not the direction that preserves uptime The textbook three-state breaker closed/open/half-open assumes "fail to a fallback" is always safe — but for experiment assignment, falling back to control silently corrupts randomization. The right answer is a third terminal state "unassigned" that downstream analytics already handle. "The default circuit breaker behavior — fail closed, return a fallback — is exactly wrong for experiment assignment. Falling back to control corrupts your experiment by inflating the control arm during degraded periods." For teams running A/B infrastructure on shared connection pools, audit every breaker fallback to ask whether the fallback preserves the invariant the caller actually cares about. Cloud & Infrastructure — Live streaming origins scale by isolating publish from retrieval paths Path isolation — separate EC2 stacks, separate KV clusters for read vs write, separate storage engines EVCache vs Cassandra — is what lets one origin survive a 65M-concurrent retrieval surge without taking down ingest. Priority rate limiting then degrades gracefully when non-autoscalable resources backbone bandwidth, storage capacity saturate. "This comprehensive path isolation facilitates independent cloud scaling of publishing and retrieval, and also prevents CDN-facing traffic surges from impacting the performance and reliability of origin publishing." — Source 2 — Netflix Live Origin For teams running multi-tenant origins on cloud blob storage, identify which resources cannot autoscale and design the priority ladder before the next traffic spike, not during it. Data Engineering — Partition by update-frequency tier, not by source identity The intuitive partition key source ID creates cold/hot partition skew when source update rates differ by orders of magnitude. Tier-based compound keys distribute the load while preserving per-source ordering within a tier — and the sequential-I/O advantage of the log holds regardless of payload schema. "Don't partition by grant source ID. Partition by update-frequency tier high/medium/low with a compound key of tier:source hash . This prevents the 3-5 high-frequency portals from monopolizing a partition while 180+ low-frequency sources sit idle on cold partitions." For teams ingesting heterogeneous feeds CDC from many small tables, webhook fan-in, IoT sensor mixes , measure per-source throughput before choosing the partition key, not after observing lag. Security — Public-facing app exploitation jumped 44% Source 35 source-35 , driven by supply-chain trust in dev ecosystems The shift from credential theft to public-facing exploitation reflects attackers targeting the trust relationships in development infrastructure — CI providers, IaC providers, plugin registries — because one compromise propagates to many downstream deploys. The SolarWinds playbook now applies to AI infrastructure unchanged. "It reflects a a rise in the supply chain attacks targeting the development ecosystems and trust in infrastructure... over half of those vulnerabilities um did not require authentication to exploit" — Source 35 — Public-facing app exploits surging For platform teams, the highest-leverage control this quarter is signing and verifying every artifact container, Terraform provider, Grafana plugin, model weight at admission, not adding another scanner. Engineering Career — Translate security risk into the same EAL framework finance uses for latency ROI Security spend loses budget fights against CDN spend because they're denominated differently — one is continuous revenue, the other is probabilistic loss. Expected Annualized Loss puts both in $/quarter and lets finance make the comparison they're already trying to make. "Expected Annualized Loss EAL = P incident per year × Total Incident Cost... Once both CDN gains and security losses live in the same column of the same spreadsheet, finance can compare them directly." For staff-plus engineers preparing planning docs, bring one EAL number per proposed control to the next budget review — not a CVE count. Cross-Cuts Data Engineering × System Design The non-obvious bridge: schema evolution, partition strategy, and circuit-breaker fallback are all the same design problem viewed through different lenses — they all answer "what happens when the producer and consumer disagree about state?" FULL Avro compatibility with major-version topics decouples streaming and batch consumers the same way tier-based partitioning decouples high- and low-frequency producers. The shared principle is that the system survives by making disagreement explicit rather than papering over it with defaults, exactly as an experiment-aware breaker returns "unassigned" instead of silently falling back to control. Path isolation in a streaming origin is the infrastructure-layer expression of the same idea: publish and retrieval disagree on load shape, so they get independent failure domains Source 2 — Netflix Live Origin source-2 . Cloud & Infrastructure × Security Cloud-native security and observability share a failure mode that traditional perimeter security does not: silent staleness. A poisoned batch source serving a valid-looking output generates no anomalous network telemetry, and a stale Grafana dashboard hides the compromise that produced it. The transferable control is supply-chain-style signing of every artifact crossing a trust boundary — container images via Cosign, batch outputs via attestation, third-party JS via build-time hashing — combined with alerting on the absence of a fresh signature rather than on the presence of bad data Source 34 — Zero trust integration source-34 . The CNCF lifecycle model develop, distribute, deploy, runtime maps cleanly onto data pipeline stages, and the runtime-phase access/compute/storage split applies identically to data plane resources Source 26 — Cloud native security phases source-26 . The lesson for infrastructure teams: every observability surface is also an attack surface, and the same Server-Timing header that helps debug LCP also leaks backend topology. Enterprise System Graph php flowchart LR A CDC Source