South Korea's Ministry of Science and ICT and the National Intelligence Service on Tuesday said they have prepared a software supply chain security roadmap for an era of widespread artificial intelligence use.

The roadmap will be announced at the 2026 Supply Chain Security Workshop being held for two days from Tuesday at the aT Center in Yangjae. Details will also be available on the Korea Internet & Security Agency website.

The roadmap consists of three main strategies: strengthening capabilities to prevent incidents, building threat detection and response systems, and establishing a policy foundation.

First, it will embed security in the development and supply stages. It will develop supply chain security standards and guides and expand a security management model based on a software bill of materials, or SBOM. It will also foster specialised supply chain security companies and personnel.

Second, it will set up a system for rapid detection and response to supply chain threats. It will broaden vulnerability discovery channels through bug bounties and a rewards system for reporting vulnerabilities, and build an AI-based supply chain defence system. It will also prepare measures to verify and respond to security risks in ICT products supplied to the public sector.

Third, it will form a cross-government software supply chain security consultative body and refine related systems. It will expand products covered by the security suitability system, and support companies' overseas expansion through cooperation with leading cybersecurity countries and mutual recognition of domestic certifications.

Lim Jeong-gyu (임정규), director general for Information Security and Network Policy at the science ministry, said supply chain security has become more important than ever as cyber threats targeting software supply chains increase and broad AI-driven cyberattacks gather pace. He said the government will continue to strengthen supply chain security starting with the roadmap announcement.

The National Intelligence Service said the roadmap would serve as a milestone for raising the level of cybersecurity for the country and companies by another step. It stressed it would respond pre-emptively to global supply chain threats through public-private cooperation.