Prevent Supply Chain Attacks with GitLab Pipeline Policies

CI/CD pipelines are a primary target for supply chain attacks. Last month's incidents hit tools at the core of how teams build and ship AI. GitLab analyzed the attack patterns and built centralized policy controls that can detect and block them across your entire organization. These policies can't be skipped or disabled by individual teams, which is exactly the point.

Last month, an AI model gateway was compromised through its own build pipeline and used to reach the next tool in the chain. A separate incident exposed the complete source code of an AI coding assistant, including unreleased model codenames and its full system prompt, through a single misconfigured package. The build pipeline sits at the center of it all. GitLab response: Pipeline Execution Policies that verify tool integrity before execution. We're sharing the policies we built so every organization can deploy them.

AI tools have become a core part of how software gets built. They run inside the same pipelines as everything else, which means they're exposed to the same attacks. And when they're compromised, they have the same access to your credentials, cloud tokens, and secrets. That’s why GitLab built Pipeline Execution Policies. These policies will verify tool integrity before execution and validate artifacts before publishing.

Your dependencies called. They want to know if you've verified them lately. In an era where teams use AI to rapidly prototype and build, generating code at speed only adds value if that code is trustworthy. SonarQube Advanced Security makes that achievable — with malicious package detection integrated directly into your CI/CD pipeline, automatically comparing dependencies against constantly updated lists of known malicious software, with real-time feedback the moment a risky dependency is introduced and quality gate enforcement to fail pipelines automatically if anything is flagged. Keep the speed. Keep the trust. See how 👇 https://bit.ly/4uUc2h1

The recent attack on the Trivy toolchain is a reminder that threat actors are more sophisticated and better funded than ever—and now, they have AI on their side. At SUSE, we’ve spent the last several days investigating the impact. The takeaway? Our products and customers remain secure, but we’re staying humble and vigilant, using this moment to further audit our entire ecosystem and harden our defenses. In open source, transparency is our greatest defense. https://lnkd.in/er-wMAEq #CyberSecurity #OpenSource #SUSE #SupplyChainSecurity

CISA KEV Alert — AI Tooling & Security Toolchain Hit CISA added two this week: Langflow (CVE-2026-33017) — Unauthenticated RCE via `exec()`. Exploited within 20 hours. Patch to v1.9.0. Deadline: Apr 8. Trivy (CVE-2026-33634) — Not just vulnerable. Compromised. Malicious Docker images attributed to TeamPCP cascaded into the LiteLLM supply chain attack. Patch to 0.48.3. Deadline: Apr 16. When your AI pipeline builder and your security scanner are both KEV entries in the same week — that's the threat landscape right now. #CISAKEV #Langflow #Trivy #SupplyChainSecurity #AISecurityRisk

nice. humans missed a 27‑year bug, ai finds it overnight for pocket change. if your security plan is “scan once, patch yearly,” you’re already late. Mythos doesn’t break everything on day one, but it exposes that most defenses assume independent bugs – when attacks are graph-shaped now. start re-scoring chainability, expand bounty scopes, and practice 72‑hour patching. july’s Glasswing is not a shrug. it’s a tsunami.

Coverage of Anthropic’s Mythos Red Team report has followed a familiar pattern: headline-driven reactions, ranging from alarm to dismissal, with limited focus on what the findings actually show. That deserves a reset. Mythos is not simply about AI uncovering vulnerabilities; it underscores a deeper issue: trusting software is no longer a viable strategy, and security must be built on stronger architectural principles. Read our our analysis and takeaways: https://lnkd.in/dd4dV7kB

The March 24th #liteLLM compromise isn't just another vulnerable package; it is a masterclass in why relying solely on CVE databases is a fundamentally broken security posture. For those catching up, the threat group TeamPCP compromised the Trivy GitHub Action to steal PyPI publisher credentials, publishing malicious versions (1.82.7 and 1.82.8) of the liteLLM package. If you ran pip install during the exposure window, the payload executed in three layers: * Exfiltration: AES-256-CBC encrypted archive sent to a remote C2 server. * Credential Harvesting: Aggressive targeting of ~/.ssh, AWS/GCP/Azure credentials, Kubernetes configs, and API keys. * Persistence: Establishing a sysmon.py backdoor that polls the C2 endpoint every 50 minutes. Traditional vulnerability scanners missed this entirely because no CVE existed. They look for known bad patterns, not malicious behavior -- let alone malicious intent. When the scope of this attack became clear, our engineering team Threat Point mobilized instantly. In the face of a critical ecosystem exploit, we knew we had to ship a practical, zero-day defense tool to developers globally. We shipped v0.1.0 in <24 hours. Expect some false positives. It’s a flashlight in a dark room for immediate visibility while we actively iterate to reduce noise. To give teams an immediate way to triage their environments, we built and open-sourced: who-touched-my-packages (wtmp). Here is what the tool does: * Dependency Graphing: Uses Node.js and Python tools to generate a full dependency graph (ensure your dependencies are downloaded as usual prior to scanning). * Local CVE Cross-Referencing: Downloads two sources of vulnerabilities directly to your device (GitHub Advisories and Google's OSV) and matches your dependency versions against them. * Active Behavioral Scanning (Zero-Day Defense): You can optionally pass an Anthropic, Open AI, or Open Router API key via an environment variable. If an API key is provided, an agentic AI process with the latest LangGraph tooling will deeply scan every dependency. * Targeted Threat Detection: The agentic LLM process not only actively hunts for the exact zero-day mechanisms used in yesterday's attack, but it more broadly identifies dozens of threat indicator patterns common in supply chain compromises. This includes data exfiltration, credential harvesting, crypto wallet theft, environment scanning, code obfuscation, persistence, data packaging, and CI/CD poisoning. We are making this completely public and free to use. Install globally & scan your project: https://lnkd.in/gEKvcipK If your security tooling can't analyze what a package is actually doing during execution, you are flying blind. Run your scans, rotate your keys, and secure the ecosystem.

This is what modern cybersecurity should look like: fast, open, and built to actually meet the moment. Great work from Point Wild