Security News

Cybersecurity news aggregator

INFO News Dark Reading

Source Code Leaks Highlight Lack of Supply Chain Oversight

  • What: Source code leaks highlight poor supply chain oversight
  • Impact: Organizations with weak supply chain controls may face increased risk of breaches

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Robert Lemos, Contributing Writer
April 3, 2026

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project and the widely used Axios JavaScript package, as well as Anthropic's accidental publishing of source code for its flagship Claude Code — all in a 10-day period — underscore the risks posed to software supply chains.

Attackers exploited a misconfigured GitHub Action and the failure of the development team to recover from the incident to capture the needed credentials for pushing out malicious code. A compromise of the lead maintainer's account led to backdoor-installing Trojans landing in development environments. Other breaches include the KICS static-code analyzer maintained by cybersecurity firm Checkmarx and the open source LiteLLM Python library. And, of course, human error led to the publishing of more than a half million lines of the source code for Anthropic's Claude Code npm package.

Developers' environments and the development pipeline have become primary surfaces of vulnerability, says Jun Zhou, full stack engineer at Straiker, an agentic AI security firm, which published an analysis of the Anthropic incident.

"Developer workstations are credential-rich, high-trust, low-visibility zones, and AI coding agents operating inside them are amplifying the exposure," he says. "Claude Code had 25-plus bash security validators in its runtime — which is genuinely sophisticated security engineering — but shipped a 59.8MB source map to a public registry because the publish process lacked a basic content check."

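One shape the "basic content check" mentioned in the quote above could take, as an added example that is not from the article or from any of the projects it names: a gate over the file list that `npm pack --dry-run --json` reports before publishing. The policy thresholds, deny patterns, package name, and sample manifest are all assumptions constructed for illustration.

```javascript
// Added example: content gate run on the output of `npm pack --dry-run --json`,
// which lists every file that would enter the published tarball.
// POLICY and SAMPLE_MANIFEST are constructed for illustration.
const POLICY = {
  maxFileBytes: 5 * 1024 * 1024,       // assumed per-file budget
  maxUnpackedBytes: 20 * 1024 * 1024,  // assumed whole-package budget
  denied: [
    { name: "source map", re: /\.map$/i },
    { name: "env file", re: /(^|\/)\.env(\..+)?$/i },
    { name: "private key", re: /\.(pem|key|p12)$/i },
    { name: "registry credentials", re: /(^|\/)\.npmrc$/i },
  ],
};

// Returns a list of human-readable violations; empty means safe to publish.
function auditPackManifest(manifest, policy = POLICY) {
  const violations = [];
  for (const pkg of manifest) {
    let total = 0;
    for (const file of pkg.files) {
      total += file.size;
      for (const rule of policy.denied) {
        if (rule.re.test(file.path)) {
          violations.push(`${pkg.name}: ${rule.name} in tarball: ${file.path}`);
        }
      }
      if (file.size > policy.maxFileBytes) {
        violations.push(`${pkg.name}: ${file.path} exceeds per-file budget (${file.size} bytes)`);
      }
    }
    if (total > policy.maxUnpackedBytes) {
      violations.push(`${pkg.name}: unpacked size ${total} bytes exceeds package budget`);
    }
  }
  return violations;
}

// Constructed sample: a bundled CLI accidentally shipped with its source map.
const SAMPLE_MANIFEST = [{
  name: "example-cli",
  files: [
    { path: "package.json", size: 1200 },
    { path: "cli.js", size: 4000000 },
    { path: "cli.js.map", size: 59800000 },
  ],
}];

// In CI, a non-empty result should fail the job before `npm publish` runs.
for (const v of auditPackManifest(SAMPLE_MANIFEST)) console.log("BLOCK:", v);
```
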
Anthropic acknowledged the leak and sent out copyright violation notices to nearly 100 mirrors on GitHub, while leaving others, such as one user who used AI agents to refactor and translate the code to Python and Rust, to continue hosting the software. Checkmarx acknowledged the breach of its open source KICS static-analysis tool through GitHub Actions and urged developers to revoke and rotate secrets, and to review their GitHub Actions pipelines for suspicious indicators.

The problems, however, do not boil down to one-off issues, such as attackers finding zero-day exploits in the open source software. Rather, these are common weaknesses in the ecosystem, says Rami McCarthy, a principal security researcher at Wiz, a cloud cybersecurity firm and subsidiary of Google. Each incident seems to have resulted from a different failure — misconfigured GitHub Actions, the social engineering of maintainers, and the breakdown of credential hygiene. But the real problem is the cascade of follow-on impacts, he says.

"We've built a global software infrastructure that relies heavily on the volunteer efforts of open source maintainers, which creates an incredibly uneven security surface," McCarthy says. "When an attacker targets the weakest link in a chain of transitive dependencies, the downstream impact is massive, making what should be a 'simple' fix a complex, ecosystem-wide coordination problem."

Continuous Integration, Continuous Exposure?

The incidents underscore the reality that attackers have continuous integration, continuous deployment (CI/CD) environments in their crosshairs. The complex ecosystems not only have to protect sensitive credentials but also manage trusted distribution paths, allowing malware to be pushed downstream to all the software that incorporates a particular open source project, says McCarthy.

"The supply chain should be treated as critical infrastructure with guardrails built in at every layer," he says. "This means stronger security around maintainers and publishing, CI/CD environments that assume untrusted dependencies, and ecosystem-wide detection that can surface abnormal package behavior fast."

The result is that a single breach can lead to a massive compromise across enterprise systems. Following the compromise of Trivy, for example, attackers moved quickly to expand their initial access, harvesting additional credentials, moving laterally across services, and spreading malicious code. Meanwhile the "blast radius" of the Axios compromise, which itself has more than 70,000 direct dependencies, will likely lead to massive potential fallout, McCarthy says.

One problem is that development teams have interpreted the desire to eliminate vulnerabilities from their code as equating to updating every open source component to the latest version. Yet past studies have found that prior versions often have the right combination of patched code and fewer known vulnerabilities. In fact, the third-most recent version is often the most secure, on average.

Development teams' approach "means any compromise of a popular or critical component has a decent chance of quickly entering" into their ecosystem, says Tim Mackey, head of software supply chain risk strategy at Black Duck, a software-security firm. In 2025, nearly two-thirds of organizations (65%) admitted to being a victim of a software supply chain attack in the past 12 months, according to Black Duck's "Open Source Security and Risk Analysis" (OSSRA) report.

"Immediate patching seem[s] reasonable, but in reality teams need to perform a risk-based analysis of their dev processes [since the impact of] the Axios attack may linger for some time — particularly where container images are concerned," he says.

Far-Reaching Impact

The problem with software supply chain breaches is that they can have significant impacts in the future if the incident response is not complete. In the case of Anthropic's leak, for example, the full architecture of Claude Code's context pipeline, sandbox boundaries, and permission validators became public, giving attackers a blueprint to craft payloads that persist through context compaction and target gaps in the security chain, says Jesus Ramon, an AI red team member at Straiker.

The leak shows that AI development workflows are moving faster than the security practices around them, and could have wider impact, he says.

"Traditional compromised packages execute in a bounded runtime: a coding agent has access to your entire file system, shell, network, and MCP servers, so the blast radius is an entire developer workstation," Ramon says. "AI agents also introduce a new class of attack persistence: a poisoned instruction can survive context compaction and re-emerge as what the model treats as a legitimate directive, then flow into pull requests and production code."

Enterprises need to focus on securing their CI/CD pipelines by restricting access to sensitive credentials, while at the same time implementing strong secret-management practices. In addition, developers need to validate and check dependencies to detect malicious code as early as possible, says McCarthy.

About the Author

Robert Lemos, Contributing Writer. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
