Cybertrust Japan unveils trusted infrastructure vision for critical infrastructure AI era

Cybertrust Japan on June 16 announced a new trusted infrastructure vision aimed at helping critical infrastructure operators manage software transparency, data authenticity and OSS risk as AI use expands. The first initiative is a partnership with Dark Sky Technology to launch an OSS Attestation Service planned for September 2026. Why it matters: - Critical infrastructure operators need stronger ways to verify software composition, OSS provenance and vulnerability response decisions as AI-generated code and configuration changes become more common. - Cybertrust Japan is positioning software transparency and data authenticity as core controls for safer, continuous IT operations in mission-critical environments. - The new service is designed to help organizations produce evidence for audits, customer reviews and internal decision-making. What happened: - Cybertrust Japan announced its Trusted Infrastructure Vision for Critical Infrastructure Supply Chains in the AI Era on June 16, 2026. - The first initiative under the vision is a partnership with Dark Sky Technology to provide an OSS Attestation Service for mission-critical IT systems and embedded products. - The service is planned to begin in September 2026. - The announcement was made in Tokyo and Fort Collins, Colorado. The details: - The Trusted Infrastructure Vision is framed as an operating model for continuously managing IT infrastructure, operating systems, OSS, software composition information, vulnerability response, evidence, authentication and authorization, and data authenticity. - The OSS Attestation Service will support OSS intake criteria, SBOM evaluation, vulnerability response decision-making and report preparation for audits and customer explanations. - The service is designed to help organizations decide whether OSS can be accepted, how it should be handled and what evidence supports those decisions. - The service will include support for OSS intake criteria and operational policy development. - It will also evaluate SBOMs and software composition information. - It will review OSS maintenance status, vulnerabilities, licenses and development community risk. - It will document exception decisions, continued-use decisions, customer review materials and audit reporting. - Cybertrust Japan said the service will combine Dark Sky’s Bulletproof Trust platform with Cybertrust Japan’s Linux and OSS maintenance, embedded Linux development, SBOM operations and Japan support. - Bulletproof Trust supports SBOM management, OSS package health assessment, dependency risk analysis, threat intelligence and audit evidence management. Between the lines: - The announcement reflects a broader shift from treating software supply chain security as a technical check to treating it as a formal evidence and governance process. - Cybertrust Japan is linking AI adoption to the need for more explicit review of software composition and change history, especially in regulated or high-reliability sectors. - Dark Sky’s role suggests the companies are aiming to pair platform tooling with customer-facing compliance support. What’s next: - Cybertrust Japan and Dark Sky Technology are expected to roll out the OSS Attestation Service starting in September 2026. - The companies say the collaboration will support safe software acceptance and ongoing monitoring across critical infrastructure supply chains in Japan. - Future use of the service may expand as organizations look for formal ways to document OSS decisions and evidence for cybersecurity requirements. The bottom line: - Cybertrust Japan is betting that critical infrastructure in the AI era will need not just more software controls, but clearer proof that those controls were applied and can be explained.