Supply chain attacks have evolved. What were once isolated package compromises are now automated campaigns that scale through CI pipelines, registries, and stolen tokens.

Over the past year, we uncovered several major incidents that reveal this shift. We exposed the Shai-Hulud self propagating npm worm, which used stolen maintainer tokens to republish across packages. We identified the largest known mass compromise of npm packages involving debug and chalk, impacting billions of weekly downloads. We also uncovered the backdooring of the official XRP cryptocurrency SDK inside a trusted registry.

Across these investigations, a repeatable pattern emerged:

• Token theft replaces package compromise as the primary objective
• CI automation becomes a lateral movement engine
• Registry trust amplifies small footholds into ecosystem-wide incidents
• AI tooling reduces the cost and speed of generating and refining malware

AI is not only accelerating attackers. It also enabled detection. By analyzing publishing behavior and dependency anomalies at scale, we identified propagation patterns traditional scanners missed.

This session breaks down how these attacks work and what engineers must redesign: limiting token blast radius, hardening CI workflows, strengthening registry controls, and using AI-assisted detection to counter automated threats.

Supply chain security now moves at machine speed. Defense must too.