[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqibxuV2EkqqlYsMNSYi_QAx6bebs6yTseFAV1EzHWBk":3},{"article":4,"iocs":53},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"ab478dac-3882-48ad-a34f-44231baab680","The Code You Didn't Write Is Still Yours to Defend","the-code-you-didn-t-write-is-still-yours-to-defend-3f5a12","Recently I asked an AI assistant to tidy a messy spreadsheet and chart the result. Nothing exotic. To do the work, it spun up a sandbox, pulled a handful of open source packages into that environment, and ran them. I didn't write any code. I didn't ask for any code. Packages I had never seen were fetched and executed on my behalf, and it was over in seconds. That was a software supply chain event. It happened in a workflow that no scanner, no registry proxy, and no review process was watching. And it is now happening across every company that has handed its people AI agents. I have spent years running security for large enterprises. I have seen how hard it is to make supply chain controls work in real developer workflows. For years, we worried about the dependency a developer chooses and commits. The new exposure is the dependency nobody chooses, pulled into a throwaway environment by an agent doing exactly what we asked. The vibe coding revolution is changing how code gets written and run inside our environments. The same AI capabilities have changed the threat landscape we operate in just as dramatically. Two shifts stand out. The skill barrier collapsed. Turning stolen commit rights into a backdoor that survives review used to take patient, expert context on a codebase. A prompt close to \"help me land a change that looks routine and quietly does something extra\" now produces code that passes a casual read. And the surface exploded. More and more new code never reaches a repository at all. It runs once inside an agent's sandbox, in a place no scanner is watching, and then it is gone. The toolkit most teams own was not built for this. Traditional vulnerability management is a forensic instrument. It answers \"where did we use this package, and which versions,\" which is what you want weeks after a compromise surfaces. Baked in is an assumption: attacks are rare and you have weeks to respond. Today's attacks run in tens of minutes. When the copyfail issue broke, the team that disclosed it said a working exploit existed within about two hours of the patch becoming visible. The window from a malicious package landing in a registry to a real project importing it is even faster, measured in just a few minutes. The popular self-help fix is a cooldown: refuse any package version less than seven days old. The logic holds on the supply chain side. But a cooldown also delays every security patch you ingest, and the patch-to-exploit window is now hours. You have reduced one exposure by widening another. I worked through this trade-off, and the broader agent blind spot, with James Wilson on Risky Business Features. What works is governance at the point of ingest. A threat intelligence feed that knows which packages are compromised right now, updated by the hour. And a control point that can refuse to download, or refuse to build, the moment something on that feed lands in your dependency tree. The hard part is where that control point lives. Code now enters in more places than the org chart admits. The build pipeline is the easy win. The developer laptop is the quiet gap, because the share of developers routing through a central proxy is always smaller than the security team believes. The agent environment is the gap almost nobody has mapped, and it is growing fastest. My first chance to work with Socket was as a customer. In my last operating role, running security at a global company, I ran a Socket deployment. It went live faster than we planned, and that experience as a buyer made the conversation easy when Feross asked me to advise. I joined as a strategic advisor in April. What impresses me from the inside is the hustle. This is a team with a real desire to solve customer problems. It reads the market closely and moves fast on what it hears. The constant is the threat intelligence feed. The interesting part is how many ways they keep finding to bring it to bear. Their original software composition analysis fit the build pipeline. Socket Firewall is the right answer for the vibe-coded endpoint that skips the build pipeline entirely. They are nowhere near done, and what they have brewing is aimed at the right ergonomics for the person actually in the workflow. Feross spent more than a decade as a maintainer before founding Socket. It shows in defenses built by people who understand how maintainers publish and how attackers move. The market is voting. Socket has grown from 7,500 organizations to more than 27,000 and blocks more than ten thousand supply chain attacks every week. When the Axios compromise hit, it flagged the malicious dependency within six minutes, and more than 2,000 organizations onboarded within 24 hours. Five years out, I expect a threat feed wired into an ingest control to be a standard layer of the stack, the way endpoint detection is today. We are in the early innings, and the teams that get there first will spend far less time on incident calls than the ones that wait.","The rise of AI agents in development workflows introduces significant software supply chain risks by executing unvetted open-source packages in sandboxed environments, bypassing traditional security controls. This new threat landscape collapses skill barriers for attackers and explodes the attack surface, with malicious code capable of being executed and disappearing within minutes. Traditional vulnerability management tools are insufficient, necessitating real-time threat intelligence feeds and ingest controls at the point of code entry, such as those offered by Socket.","AI agents introduce new software supply chain risks by executing unvetted code.","Security NewsGitHub Actions Checkout Now Blocks Risky pull_request_target CheckoutsGitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.By Sarah Gooding - Jun 20, 2026","https:\u002F\u002Fsocket.dev\u002Fblog\u002Fthe-code-you-didnt-write-is-still-yours-to-defend?utm_medium=feed","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002F32ce5fda89b63564c106b8595b9fbee0b3d5024f-1672x941.png?w=1000&q=95&fit=max&auto=format","2026-06-23T15:41:07.662+00:00","2026-06-23T18:00:21.739056+00:00",8,[18,21,23,26,28],{"name":19,"type":20},"Socket Firewall","product",{"name":22,"type":20},"Socket",{"name":24,"type":25},"AI agents","technology",{"name":27,"type":25},"open source packages",{"name":29,"type":20},"GitHub Actions Checkout","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":30,"icon":32,"name":33,"slug":34},null,"Supply Chain","supply-chain",[36,38,43,48],{"category":37},{"id":30,"icon":32,"name":33,"slug":34},{"category":39},{"id":40,"icon":32,"name":41,"slug":42},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":44},{"id":45,"icon":32,"name":46,"slug":47},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":49},{"id":50,"icon":32,"name":51,"slug":52},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]