Tag

supply-chain

4 posts with this tag.

Other tags:All postsacceptable-useaccess-controlagentic-aiai-acceptable-useai-adoption ai-agentsai-apisai-assistantsai-behaviorai-codingai-coding-tools ai-compliance ai-contentai-copyrightai-costai-disclosure

Jun 5, 2026·10 min read

Miasma Worm and Phantom Gyp: The npm Supply Chain Attack That Bypasses Security Tools (June 2026)

A self-spreading worm compromised 57 npm packages in under 2 hours using binding.gyp instead of postinstall scripts, bypassing security scanners. What it means for teams that run npm install, and the 5 controls that limit your exposure.

ai-security supply-chainnpmdeveloper-tools

Apr 27, 2026·8 min read

AI Vendor Supply Chain Security: Checklist for Small Teams (2026)

AI supply chain attacks: contractor gets infected, tokens stolen, your systems hit. Checklist to map vendor exposure, scope access, and respond within 24 hours.

ai-security vendor-risk supply-chain incident-response

Apr 20, 2026·10 min read

Vercel Breach 2026: Supply Chain Risk via Infostealer

A Vercel employee's personal Context AI OAuth grant, compromised by Lumma infostealer (spread via Roblox cheats), led to the April 2026 breach of non-sensitive environment variables. What the attack chain means for teams on third-party platforms.

security vendor-riskbreachsupply-chain

Apr 1, 2026·12 min read

AI Vendor Security Incident Response: 4-Step Playbook for TypeScript AI Agent Teams

When your AI vendor has a security incident, your team has hours to respond. Scope, credential rotation, and documentation steps for small teams.

ai-security incident-response vendor-risk governance

Tag