TL;DR: Open Source Summit Korea 2025 showed how national AI strategy, open source governance, and security concerns are increasingly converging around infrastructure, talent, and ecosystem control, according to Cybertrust Japan. The practical lesson is that AI scale depends on governance, not just model performance, and identity, supply chain, and access controls will determine whether that scale is durable.
At a glance
What this is: This is a field report on Open Source Summit Korea 2025 and its central finding that AI strategy, open source, and governance are becoming linked at the national and ecosystem level.
Why it matters: It matters to IAM and security teams because AI programmes increasingly depend on open source platforms, supply chains, and delegated access paths that require stronger governance than traditional software delivery models.
By the numbers:
- AI model performance can be delivered at 90% lower training cost than frontier models in some open source deployments.
👉 Read Cybertrust Japan's field report from Open Source Summit Korea 2025
Context
AI strategy and open source governance are increasingly being discussed together because modern AI programmes depend on shared infrastructure, community tooling, and a supply chain that spans code, models, data, and people. In that environment, access control and software provenance are not side concerns, they are part of the operating model.
For IAM and security teams, the relevance is indirect but real: open source AI ecosystems create more delegated access, more service accounts, more build and deployment automation, and more third-party dependencies. That expands the identity surface even when the article is not explicitly about identities, which is why governance must be considered alongside technical adoption.
Key questions
Q: What breaks when open source AI ecosystems scale faster than governance?
A: When open source AI ecosystems scale faster than governance, organisations accumulate unreviewed dependencies, over-broad automation, and unclear ownership of credentials and release paths. That makes it easier for supply chain compromise, accidental misconfiguration, or malicious delegation to spread across teams. The main failure is not model capability, but trust management.
Q: Why do AI and open source programmes increase identity risk in practice?
A: AI and open source programmes increase identity risk because they rely heavily on service accounts, tokens, CI/CD credentials, and delegated access between tools and teams. Each connection creates a new trust relationship that must be scoped, monitored, and revoked. Without that discipline, machine identity sprawl becomes an operational weakness.
Q: How can security teams evaluate whether open source AI trust is under control?
A: Security teams should look for signed artifacts, clear maintainer approval paths, token scoping, and evidence that build and deployment identities are time-bound and audited. If the same credential can build, sign, and deploy without separate checks, the trust model is too permissive.
Q: Who is accountable when AI supply chain governance fails?
A: Accountability should sit with the owners of the platform, the security control set, and the release process, not just the developers using the tools. If an organisation cannot name who approves provenance, who can publish artifacts, and who can grant automation access, it has a governance gap rather than a tooling gap.
Technical breakdown
Why open source AI changes the governance model
Open source AI changes governance because the security boundary moves from a single vendor product to a distributed ecosystem of code, models, data, and contributors. That increases dependency risk, review complexity, and the number of places where trust must be established. The article's discussion of national strategy, community ecosystems, and infrastructure investment points to a future where AI capability is shaped as much by governance as by raw model quality.
Practical implication: treat open source AI adoption as a supply chain and access governance problem, not only a technology procurement decision.
Rust in Linux and the security economics of platform change
Rust adoption in Linux is a useful example of how security gains often arrive through architectural change rather than isolated controls. Rust reduces memory safety defects at compile time, which can lower entire classes of vulnerability in kernel code. But the transition also changes contributor workflows, code review expectations, and the skills mix needed to sustain the platform, so security improvement always comes with governance overhead.
Practical implication: pair language or platform modernisation with review, policy, and contributor access controls so the security benefit is actually sustained.
AI agents, open source tooling, and identity exposure
As AI becomes a third pillar alongside training and inference, the identity layer becomes more important because agents and automated pipelines rely on credentials, tokens, and scoped permissions to act. Even in a broad open source discussion, this is where NHIs emerge: build systems, model pipelines, and orchestration layers all depend on secrets and machine identities. If those identities are not governed, the ecosystem becomes harder to trust as it scales.
Practical implication: inventory service accounts, API keys, and pipeline credentials before expanding AI or open source automation.
Threat narrative
Attacker objective: The objective is to exploit trusted software and automation paths to gain durable access or influence across downstream systems.
- Entry occurs through trusted open source tooling, community code, or AI infrastructure components that are adopted faster than they are reviewed.
- Escalation follows when automation, build systems, or delegated permissions give an attacker or malformed process broader reach than intended.
- Impact lands as supply chain compromise, data exposure, or corrupted AI outputs that affect multiple downstream teams or products.
NHI Mgmt Group analysis
Open source AI strategy is becoming an identity governance problem as much as a technology strategy. The article shows that national competitiveness, community adoption, and platform innovation are now intertwined. Once AI tooling is embedded into build pipelines, deployment systems, and collaborative ecosystems, the identity surface expands with it. Practitioners should treat each new automation path as a governed trust relationship, not a neutral engineering convenience.
AI supply chain trust gap: the real risk is not only code quality, but uncontrolled delegation. Open source AI ecosystems depend on contributors, maintainers, build systems, and automated release paths, any of which can become a trust anchor if left unscoped. That makes identity, provenance, and access boundaries part of the security control plane. Practitioners should map who can sign, build, publish, and deploy before expanding AI use.
Rust adoption in Linux shows that security gains come with governance trade-offs. The move improves memory safety, but it also introduces new skills, review patterns, and contribution workflows that organisations must manage carefully. Security leadership should avoid assuming that safer code removes the need for tighter review and access control. Practitioners should align technical modernisation with operating discipline.
AI scale will increase the number of machine identities faster than most organisations can track manually. The article's emphasis on AI infrastructure, ecosystem expansion, and national investment implies more automated orchestration, more service accounts, and more token-based access. That creates a direct governance burden for IAM and PAM teams. Practitioners should plan for machine identity lifecycle controls alongside AI rollout, not after it.
National AI programmes will increasingly depend on open source trust frameworks. When governments and industry coordinate around AI infrastructure, the question is no longer whether open source matters, but how trust is established across the ecosystem. Security teams should expect provenance, dependency review, and delegated access governance to become baseline controls, not specialist add-ons. Practitioners should prepare for that shift now.
What this signals
AI and open source adoption will keep pushing identity controls upstream into build and release pipelines. That means practitioners should expect more scrutiny on service accounts, automation tokens, and delegated publish rights as AI tooling becomes embedded in development workflows. The governance question is no longer whether the pipeline works, but whether every non-human actor inside it is bounded, revocable, and auditable.
The next control gap is likely to be machine identity sprawl inside AI-enabled software factories. As automation expands, teams should look for multiple overlapping credentials that perform similar actions across repositories, CI/CD, and deployment environments. The operational response is to converge on short-lived access, separate duties, and clear ownership for each non-human identity.
Open source strategy will increasingly be judged by provenance discipline, not community enthusiasm alone. Teams that can verify where code, models, and artifacts came from will be better positioned to use open ecosystems safely. For identity leaders, that means aligning secrets management, workload identity, and supply chain governance before AI adoption widens the blast radius.
For practitioners
- Map delegated access across AI toolchains Identify every service account, token, and API key used by build, training, evaluation, and deployment pipelines. Pay special attention to automation that can publish artifacts or call external model services, because those paths create the broadest trust exposure.
- Require provenance checks for open source AI dependencies Build a release gate that validates source provenance, signed artifacts, and maintainer trust before code or models enter production. Use dependency review for packages, containers, and model assets rather than relying on repository reputation alone.
- Separate human approval from machine execution Ensure that AI-assisted workflows cannot directly elevate privileges, merge code, or deploy production changes without explicit policy controls. Where automation is necessary, constrain it with short-lived credentials and narrowly scoped permissions.
- Add security review to platform modernisation plans When adopting Rust or other safer platforms, include identity, access, and contributor governance in the implementation plan. Secure code alone does not eliminate supply chain or orchestration risk if the operational model remains permissive.
Key takeaways
- The article shows that AI strategy, open source governance, and national competitiveness are converging into one security discussion.
- Its strongest security implication is that automation and delegated access expand identity risk even when the underlying technology is designed to be safer.
- Practitioners should respond by governing provenance, credentials, and release rights together rather than as separate controls.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
MITRE ATT&CK and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and CIS Controls v8 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| MITRE ATT&CK | TA0006 , Credential Access; TA0010 , Exfiltration | Open source and AI supply chain compromise often leads to credential abuse and data theft. |
| NIST CSF 2.0 | PR.AC-1 | Delegated access and ecosystem trust are core access-control issues in this article. |
| NIST SP 800-53 Rev 5 | IA-5 | Secrets and authenticator management are central to AI pipelines and build automation. |
| CIS Controls v8 | CIS-5 , Account Management | Machine accounts and service identities need tighter governance as AI automation expands. |
| OWASP Non-Human Identity Top 10 | NHI-03 | This article's identity angle centers on unmanaged machine credentials in automation paths. |
Map build and release trust paths to credential access and exfiltration tactics, then close the highest-risk automation gaps.
Key terms
- Open Source Supply Chain: The open source supply chain is the path code, packages, models, and dependencies follow from creation to production use. It includes maintainers, repositories, build systems, signing processes, and deployment tools, all of which must be trusted and governed if the software is to be safe to consume.
- Machine Identity: A machine identity is a credentialed non-human entity used by software, workloads, or automation to authenticate and act. In AI and open source delivery, these identities often sit inside build pipelines, orchestration layers, and deployment systems, making lifecycle control as important as code quality.
- Provenance Verification: Provenance verification is the process of confirming where software, artifacts, or models came from and whether they were created and signed by trusted parties. It is a supply chain control that reduces the chance of tampering, impersonation, or unauthorized replacement during delivery.
- Delegated Access: Delegated access is permission that one system, person, or process grants to another so it can act on its behalf. In modern AI and open source environments, delegated access is common and necessary, but it becomes dangerous when scopes are too broad or when ownership is unclear.
What's in the full article
Cybertrust Japan's full blog post covers the operational detail this post intentionally leaves for the source:
- Conference observations from Open Source Summit Korea 2025, including the AI and OSPO sessions discussed on site
- Detailed remarks from keynote speakers on Korea's AI strategy and open source ecosystem planning
- The author's现场 notes on Rust in Linux and the policy discussions around open source governance
- Community and regulatory context from Korean open source stakeholders that inform the national strategy discussion
Deepen your knowledge
NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It is designed for practitioners who need to connect identity control with modern automation and AI-driven delivery.
Published by the NHIMG editorial team on 2026-01-06.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org