Using Agents to Secure Satellites’ Supply Chain Systems

Photo of Irina Loghin

Irina Loghin

Technical Curriculum Developer, Neo4j

4 min read

So far, we have all experienced cloud providers being down, but have you ever wondered what happens when a satellite goes down? Or worse, when it gets hacked by Klingons?

In December 2025, I presented what was meant to be a fun technical exercise, during the European Space Agency’s AI STAR Symposium, a threat model for satellites.

What I did not expect was to come out the other side more worried than before.

I am not a satellite engineer, nor a defence analyst, or a space policy expert.
I’ve worked in Cybersecurity and Identity and Access Management, and now my role is to help people understand how graph databases work and how connected data can reveal information that flat tables can’t.

So when I started building this project, I realised something that was a massive reality check: if one critical satellite goes down, we *all* face outages.

All as in:

  • all who use a mobile
  • all who board a plane
  • all who withdraw cash from an ATM
  • all who call emergency services

Let me tell you what a Satellite Supply Chain System looks like:

  • Thousands of components, sourced from dozens of suppliers across multiple countries.
  • These are assembled by subcontractors, integrated into ground systems, and using out-of-sync policies.
  • Every single physical or software component has its own version, maintenance cycle, admin team, and each one represents an attack surface.

And if you are thinking this CANNOT happen in real life, .. I have news for you:

https://spacesecurity.wse.jhu.edu/2024/06/24/japan-cyberattacks/

In 2024, Japan’s space agency confirmed it had suffered a series of cyberattacks, where the method used was UNAUTHORIZED ACCESS!!

And it is not a one-country only event.

Software supply chain attacks went from 13 per month to over 28 per month by mid 2025!

For Space systems specifically, ENISA (the EU Agency for Space Cybersecurity) is now publishing a dedicated threat landscape report for commercial satellites, that you can find here:

https://www.enisa.europa.eu/publications/enisa-space-threat-landscape-2025

So, how do we prevent this from happening?

I rolled up my sleeves and started modelling some minimal data in a Neo4j Knowledge Graph, based on relationships between: Satellites-Components -Vulnerabilities-Suppliers-Groundstations-Users-Roles… and I ended up with something like this:

Now it is all visible!
After this massive realisation, I took some time to think of what would be a natural next step in progressing with this project, while thinking of some new potential queries to run to better showcase the impact.

The real power comes from graph algorithms layered on top of this data, and since access propagates through relationships:

Now I can quickly identify a whole trajectory: Users-Roles-Permissions-Components-Vulnerabilities-Satellites.

Once I modelled this, I could answer questions like:

  • Which roles are compromised if a security vulnerability is identified?
  • What is the highest risk and which component is affected, from which supplier, that is also providing for other clusters of satellites?

This is what I showed last December at ESA’s AI STAR, and the audience’s feedback was SURPRISING: “I knew this was a problem, but I have never seen it in such a visual way like this”. This reaction stayed with me, and pushed me to do one more step in researching this issue:

What did I do in Amsterdam?
I created an additional layer, of talking to the knowledge graph in plain language, through a Neo4j Aura Agent.

The idea behind this is to support security and space analysts in their mission of securing our planet’s satellite fleet, not by having to learn cypher, but by eliminating the need for it.

Here is how it works:

In Cypher, it would look like this:

**Neo4j Aura Agent** is a no/low-code platform where you can retrieve this data without having to know Cypher:

The good news is that even if you don’t know Cypher, the agent DOES, and it provides reasoning for this response:

How can you build something like this?

The process is similar to what I have done:

  • Understand your use case
  • Do some research in learning about what you would like to achieve
  • Get some data
  • Import it into Neo4j Aura (Sign up here: https://console.neo4j.io)
  • Create an Agent from your console

Everything you need to know is on GraphAcademy, free to access, all you need is to enroll: https://graphacademy.neo4j.com/courses/aura-agents.

If you work in Security, Aerospace, Space Infrastructure, or think the world deserves a more secure internet, I hope this was helpful.

Thank you if you were in the room either at ESA or in Amsterdam, and if not, please let me know your thoughts in the comments!

Using Agents to Secure Satellites’ Supply Chain Systems was originally published in Neo4j Developer Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Share Article

Explore

Neo4j GraphML Detects Network Intrusion in Snowflake


16 min read

Architecting Graph-Based Agentic System: When a Regulator Asks “Why Was This Loan Approved?”

Architecting Graph-Based Agentic System: When a Regulator Asks “Why Was This Loan Approved?”


11 min read

Batching Like a Pro

Batching Like a Pro


8 min read

When Your Agents Share a Brain: Building Multi-Agent Memory with Neo4j

When Your Agents Share a Brain: Building Multi-Agent Memory with Neo4j


9 min read

Expensive AI models may sound smart, but without context, they don’t actually understand your business. It’s Ferris Bueller’s Ferrari with nowhere to drive. All engine. No roads.

The Context Gap: Why Your Smart-Sounding AI Struggles to Reason


4 min read

Building an AI Agent with Memory: Microsoft Agent Framework + Neo4j

Building an AI Agent with Memory: Microsoft Agent Framework + Neo4j


17 min read