---
id: "action-map-ai-dependencies"
type: "action-item"
source_timestamps: ["§ 3. Shore Up the Supply Chains that Matter Most"]
tags: ["supply-chain", "risk-mapping"]
related: ["concept-ai-supply-chain-fragility", "concept-ai-infrastructure-attack-surface"]
action: "Map every dependency in the AI stack, from data sources to drivers and firmware."
outcome: "Ability to anticipate and absorb hardware and software supply-chain shocks without program-wide outages."
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Rigorously Map AI Stack Dependencies

**Action:** Map every dependency in the AI stack — from data sources to drivers and firmware.
**Expected outcome:** Ability to anticipate and absorb hardware and software supply-chain shocks without program-wide outages.

Diversify **infrastructure sources**, prioritize contractual **SLAs for security and patching**, and rigorously map every dependency. This lets the organization anticipate and absorb supply-chain shocks — like delayed OS or GPU driver patches — rather than being derailed by them. Part of Imperative 3 of the [[framework-four-imperatives-ai-security]], grounded in [[concept-ai-supply-chain-fragility]] and [[concept-ai-infrastructure-attack-surface]]. (Enrichment note: extend the mapping to **model and data provenance**, not just hardware.)
