Supply Chain Attacks: Open Source or Open Door?

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.   In this episode you’ll learn:       How attackers are targeting open source software ecosystems at scale  Why AI is accelerating both cyberattacks and threat detection  What was uncovered during their BlueHat presentation on modern software supply chain attacks  Some questions we ask:      What patterns did you uncover in NPM attack campaigns?  Should developers rely on dependencies or build everything themselves?  Why should organizations pay closer attention to open source security risks?  Resources:   View Allie Luhrs on LinkedIn   View Mario Samolis on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.