[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKzlhiVMK-M8gIw3N6e10_2zPD_XQIvtWzOmjs9sgdgk":3},{"article":4,"iocs":52},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"3aee4743-02ec-49b5-bac6-870d6749ddff","Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security","risky-biz-podcast-ai-agents-are-raising-the-stakes-for-software-supply-chain-sec-308efd","The last six months have been one of the most intense stretches of software supply chain attacks the open source ecosystem has seen. Attackers are compromising widely used packages, abusing trusted developer workflows, stealing credentials, and using package registries, IDE extensions, and source repositories to distribute malicious code. At the same time, AI coding agents are changing how software gets built, pulling in dependencies at machine speed and making unreviewed trust decisions without much context. That combination raises the stakes for teams that rely on open source software. In a new Risky Business sponsor interview, Socket founder and CEO Feross Aboukhadijeh joins Patrick Gray to discuss the surge in supply chain attacks, how AI agents are changing dependency risk, and why malicious packages often evade traditional security tools. The conversation also covers Socket Firewall, which blocks malicious packages and code extensions before they reach developers' machines. Feross explains how teams can use it as a package manager wrapper, in CI, or as a network proxy\u002Fupstream for internal package registries. AI is making the supply chain problem louder, faster, and harder to manually track. It can also give defenders the scale to review open source code in ways that were previously out of reach. Watch the full interview below.","The open source ecosystem has experienced a surge in supply chain attacks over the last six months, with attackers compromising packages and distributing malicious code. The increasing use of AI coding agents, which pull dependencies at machine speed and make unreviewed trust decisions, exacerbates these risks. This combination makes it harder for teams to manage open source software security, as malicious packages often bypass traditional security tools.","AI agents are accelerating software supply chain risks by increasing dependency speed and unreviewed trust decisions.","Research\u002FSecurity NewsChrome and Firefox Extensions Posing as Free VPNs Add Clipboard Stealers via Malicious UpdatesMalicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.By Kirill Boychenko, Kush Pandya - Jun 29, 2026","https:\u002F\u002Fsocket.dev\u002Fblog\u002Frisky-biz-podcast-ai-agents-raising-the-stakes?utm_medium=feed","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002Ff96ed0caf0be7928a086801d760f6eafb064ff28-909x511.png?w=1000&q=95&fit=max&auto=format","2026-06-30T21:47:23.554+00:00","2026-07-01T00:00:31.905098+00:00",7,[18,21,23,26],{"name":19,"type":20},"AI agents","technology",{"name":22,"type":20},"open source",{"name":24,"type":25},"Socket Firewall","product",{"name":27,"type":28},"Socket","vendor","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":29,"icon":31,"name":32,"slug":33},null,"Supply Chain","supply-chain",[35,37,42,47],{"category":36},{"id":29,"icon":31,"name":32,"slug":33},{"category":38},{"id":39,"icon":31,"name":40,"slug":41},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":43},{"id":44,"icon":31,"name":45,"slug":46},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":48},{"id":49,"icon":31,"name":50,"slug":51},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",[]]