Cybertrust's Vision for AI Era Trust Infrastructure
In a groundbreaking announcement, Cybertrust, based in Minato, Tokyo, has revealed its innovative concept aimed at strengthening the IT infrastructure supporting critical operations in the AI age. The initiative focuses on developing a trust foundation tailored specifically for the supply chain of essential infrastructure, which is increasingly reliant on AI technology.
The Trust Framework Concept
This new framework, dubbed the "Trust Infrastructure for AI Supply Chains," seeks to enhance the reliability of AI systems through two pivotal elements: the transparency of software platforms and the authenticity of data. Cybertrust plans to systematically integrate these elements, drawing on its extensive experience in providing trust services and software transparency since its inception. By implementing this trust foundation, essential service providers will be able to manage their IT infrastructure safely and sustainably, even in an era dominated by AI.
As a first step, Cybertrust has announced its collaboration with Dark Sky Technology, Inc., headquartered in Fort Collins, Colorado. Together, they aim to roll out the "OSS Conformity Certification Service" starting from September 2026. This service will support critical IT systems and embedded products by assisting with the establishment of OSS acceptance criteria, evaluating software bill of materials (SBOM) and OSS configuration information, determining vulnerability responses, and creating reports for audits and customer explanations.
Context and Importance
As AI integration increases in software development and operations, there remains a significant challenge in essential infrastructure sectors. Simply utilizing AI-generated code or configurations without thorough scrutiny is not acceptable. Continuous validation and explanation regarding software structure, the origins of OSS, vulnerability assessments, and operational decision history are now paramount. As the AI wave advances, essential infrastructure providers must establish robust management systems for not only the software framework that supports AI but also the OSS footprints involved.
The Japanese government has recognized this necessity, with the Ministry of Economy, Trade and Industry and the Cabinet Office rolling out the guideline titled "Roles Required of Cyber Infrastructure Providers" in March 2026. These standards are designed to ensure that both the supply chain's developers and their clients acknowledge their roles in maintaining security across the entirety of software development, delivery, and operational phases. Cybertrust is poised to leverage this evolving market landscape and these guidelines to bolster continuous operational management of IT infrastructures in the AI age.
Trust Foundation Details
The proposed trust foundation consists of a comprehensive framework for managing critical IT infrastructures, which includes operating systems, OSS, software configuration, response to vulnerabilities, and operational trails throughout their lifecycle. The speed of software development in the AI era creates a continuing obligation to be able to explain which software is used, what code was generated, which modifications were applied, and what operational judgments were made.
Moreover, as AI-generated data usage continues to evolve, discussions surrounding international standards for authentication, authorization, and data integrity are gaining momentum. This is especially crucial in critical infrastructure domains that require compliance with standards such as ICAM (Identity, Credential, and Access Management), ABAC (Attribute-Based Access Control), and IPSIE (Interoperability Profiling for Secure Identity in the Enterprise).
Cybertrust aims to harness its extensive expertise with Linux, OSS long-term maintenance, and embedded Linux development to create a cohesive trust foundation. By integrating knowledge from its trust services—including authentication, authorization, and data integrity—Cybertrust strives to develop a trust framework that meets the demands of AI-driven critical infrastructures.
Collaboration with Dark Sky Technology
As part of the initial phase of the trust framework concept, Cybertrust is collaborating with Dark Sky to ensure the safe and continuous utilization of OSS within critical infrastructures. The cooperation will combine Dark Sky's Bulletproof Trust software supply chain security platform with Cybertrust's knowledge in long-term Linux/OSS support and embedded Linux development. Bulletproof Trust will assist in managing SBOM, assessing the health of OSS packages and their dependencies, providing threat intelligence, and managing audit trails to maintain a secure development environment.
This joint effort will focus on continuously assessing and managing OSS risks from the development phase through to operational deployment, thus ensuring a safe operating environment governed by well-established OSS utilization policies.
OSS Conformity Certification Service Explained
The new "OSS Conformity Certification Service" will support organizations in understanding and managing OSS utilization effectively throughout its lifecycle. This service covers various areas, including:
- Development of OSS acceptance criteria and operational policies.
- Evaluation of SBOM and OSS configuration information.
- Assessment of OSS maintenance, vulnerabilities, licenses, and development community risks.
- Prioritization for addressing vulnerabilities.
- Justification for exceptions and continued usage decisions.
- Assistance in creating audit and customer explanation reports.
Simply producing an SBOM does not guarantee safe OSS operation; it also requires ongoing justification and documentation of why certain OSS is acceptable or requires further review. Cybertrust and Dark Sky are positioning this operational support as the "OSS Conformity Certification Service" for prime contractors involved with critical IT systems and embedded products.
Future Expansion
Cybertrust plans to expand its initiatives focused on the trust foundation for critical infrastructure supply chains through further phase-wise development. Initially, the collaboration with Dark Sky will concentrate on OSS acceptance criteria establishment, SBOM assessment, determining vulnerability responses, and audit support for critical IT systems. By building on existing development and operational environments, Cybertrust will evaluate OSS acceptance and configuration information before potentially automating these processes.
For embedded products, discussions will look into integrating with EMLinux and custom maintenance services, in addition to extending the management of information related to development and operational processes, including CI, build artifact management, and testing result management.
In the future, Cybertrust aims to lay the groundwork for managing risks associated with AI-generated code, reviews of modification suggestions, assessments of vulnerabilities' real-world impacts, and the establishment of signed audit trails. Additionally, collaboration will focus on adapting trust services in accordance with emerging standards in authentication and data integrity.
Comments from Leadership
In a statement, Cybertrust CEO Yuji Kitamura emphasized the need for continuous evaluation and sound operational procedures in accepting and managing OSS within systems supporting critical infrastructure. As AI utilization increases, the importance of managing software configuration and underlying decision-making processes grows. Cybertrust is committed to advancing the trust foundation concept, aligning its expertise in platform and trust services to meet the demands of critical infrastructures in the evolving AI landscape.
Michael Mehlberg, CEO of Dark Sky Technology, echoed the sentiment, stating that managing uncertainty in global software supply chains is crucial for companies providing software in reliability-sensitive fields like critical infrastructure, medical devices, and aerospace defense. By combining Bulletproof Trust with Cybertrust's client service expertise, they aim to support continuous monitoring of software security demands by supplying necessary audit trails and justification. Together, they look forward to facilitating clean OSS operations in Japan's critical infrastructure sector.
About Dark Sky Technology
Dark Sky Technology, Inc., based in Fort Collins, Colorado, is a software supply chain security company. Their Bulletproof Trust platform continuously supports the management of software supply chain risks, from development through post-release operations, through SBOM management, identification of high-risk OSS, threat intelligence, and lifecycle risk analysis.
About Cybertrust
Since 2000, Cybertrust has leveraged its pioneering security and certification technologies as Japan's first commercial public certification authority, developing trust services and platform offerings for on-premise, cloud, and embedded areas using Linux kernel technology and OSS insights. They combine these capabilities to deliver reliable services that validate the correctness of