Supply Chain Attacks: Open Source or Open Door?

Supply Chain Attacks: Open Source or Open Door?

From Microsoft Threat Intelligence Podcast by Microsoft

June 3, 2026 · 39 min · Season 3 · Episode 70

About this episode

The episode discusses the rising threat of open source software supply chain attacks and insights from a recent presentation at BlueHat IL 2025.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025. In this episode you’ll learn: How attackers are targeting open source software ecosystems at scale Why AI is accelerating both cyberattacks and threat detection What was uncovered during their BlueHat presentation on modern software supply chain attacks Some questions we ask: What patterns did you uncover in NPM attack campaigns? Should developers rely on dependencies or build everything themselves? Why should organizations pay closer attention to open source security risks? Resources: View Allie Luhrs on LinkedIn View Mario Samolis on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other…

People in this episode

Host: Sherrod DeGrippo

Guests: Allie Luhrs, Mario Samolis

Topics covered

  • supply chain attacks
  • open source software
  • cybersecurity
  • AI in security
  • incident response

Keywords

  • supply chain attacks
  • open source
  • NPM packages
  • AI-generated attacks
  • software dependencies

Mentioned in this episode

Organizations: Microsoft

More episodes of Microsoft Threat Intelligence Podcast

Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.