#OpenSourceSecurity

AI Supply Chain Security: Why Trust Is Your Biggest Vulnerability
youtu.be/RrzJPOGjI4M #CyberSecurity #AISecurity #ArtificialIntelligence #MachineLearning #SupplyChainSecurity #AIThreats #Infosec #DataSecurity #OpenSourceSecurity #CloudSecurity #RiskManagement #AIGovernance

MCP and Agent security with Luke Hinds Josh talks to Luke Hinds, CEO of Always Further, about MCP and agent security. We start out talking about Luke’s new tool, nono which is a sandboxing tool that has AI agents in mind as a use case. We ...

@josh.bressers.name put it well: MCP is moving faster than anyone can keep up with.
@lukehinds.bsky.social joined #OpenSourceSecurity to dig into why agent security is structurally hard and what kernel-level sandboxing nono.sh actually solves.
Episode: opensourcesecurity.io/2026/2026-03...

Original post on cyberplace.social

Airlock v0.3.0: command modules are now opt-in.

Airlock already shipped hardened deny rules per tool and scoped each container via profiles. Now there's a third layer: no command loads unless the operator enables it.

SSH is worth calling out. It's remote code execution with real keys. If you […]


We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=O5ewVqmClYo


Alpha‑Omega teams up with OpenSSF to boost open‑source security against AI‑driven attacks. New funding means faster vulnerability detection for maintainers. Curious how Google DeepMind fits in? Dive in! #OpenSourceSecurity #AIThreats #OpenSSF

🔗 aidailypost.com/news/alpha-o...


I had a chat on #OpenSourceSecurity with @lukehinds.bsky.social about his project nono as well as MCP security

nono is a sandbox for containing all these tools which is an incredibly difficult problem to solve. The things we see skills and MCP doing are moving forward faster than anyone can keep up


We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI


📦 Installing a single package can introduce dozens of dependencies.

Attackers exploit this through typosquatting, malicious packages, and compromised maintainers.

ENISA’s advisory highlights why dependency visibility is becoming critical.

#CyberSecurity #SoftwareSupplyChain #OpenSourceSecurity

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discussing the challenges posed by modern OpenSSL. We discuss the statemen...

This week on #OpenSourceSecurity I had a chat with Paul Kehrer and Alex Gaynor about the statement they published discussing the challenges posed by modern OpenSSL for the Python cryptography module

A man with glasses and a white patterned shirt is smiling with his hand near his chin. He has a bald head and light skin.


Marcin Wyszynski warns that open source isn’t the feel‑good story many think. It’s a survival strategy.
Read why teams betting on “free” tools need to rethink risk now:
spr.ly/63329h4jPX

#FoundryExpert #OpenSourceSecurity #SoftwareSupplyChain

Rust coreutils with Sylvestre Ledru Josh talks to Sylvestre Ledru about the Rust coreutils project. We’ve been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary reason...

I had a chat on #OpenSourceSecurity with @sylvestreledru.bsky.social about his Rust coreutils work

Replacing coreutils with Rust is one of those things that I love as a way to improve security but also keep a project fresh in the modern age

I learned a ton from this discussion


⚠️ AI-driven development pushes open source risk to the limit

AI accelerates development, but it multiplies security risks

devops.com/ai-fueled-development-pu...

#OpenSourceSecurity #BlackDuckOSSRA #VulnerabilityManagement #RoxsRoss


We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=FazSzP_Kty4


Full breakdown in this week's Securing the Backbone. Link below. 👇

www.linkedin.com/pulse/securi...

#DevSecOps #SoftwareSupplyChain #OpenSourceSecurity #CyberSecurity

Goose and the Agentic AI Foundation with Brad Axen Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things...

This week on #OpenSourceSecurity I chat with Brad Axen about Goose and the Agentic AI Foundation

I'm often skeptical about AI claims, but I do approve the foundation model and seeing Goose donated to it


We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=-Unu5gZ8Cxc


Love that GitHub's investing in open source security for AI tools. Keeping those foundational projects safe means fewer Log4Shell nightmares down the line. 🛡️ #OpenSourceSecurity #AI

What Is SBOM? SBOM is a Software Bill of Materials listing all components in software. Understand why it exists, how it works, and its role in software supply chains.

The software supply chain is already broken. SBOMs help you see where.

Learn how to make software visibility your first step.

jeffbailey.us/blog/2026/02...

#Software #SBOM #SoftwareSupplyChain #AppSec #OpenSourceSecurity #DevSecOps #OSS #SRE #PlatformEngineering

What Is an OSPO? An Open Source Program Office (OSPO) coordinates strategy, compliance, and contributions. Learn what an OSPO is, why it exists, and how it works.

Legal, security, and devs walk into a bar. The OSPO keeps it from burning down.

Learn how OSPOs coordinate teams that could easily talk past each other.

jeffbailey.us/blog/2026/02...

#OpenSource #OSPO #SoftwareGovernance #SoftwareSupplyChain #RiskManagement #OpenSourceSecurity


🔥 OpenClaw is being called a security "fire", but there is a way to protect yourself

A Snyk analysis reveals serious flaws in ClawHub. We explain how to mitigate them.

https://thenewstack.io/deno-sandbox-security-secrets/

#OpenSourceSecurity #SupplyChain #Snyk #RoxsRoss

15 OpenClaw Security Flaws Disclosed as AI Agent Platform Sees Rapid Enterprise Adoption Researchers disclosed 15 new OpenClaw vulnerabilities, including a critical authentication bypass, as the fast-growing agent spreads across enterprises.

Read more:
www.technadu.com/15-openclaw-...

Do you think AI agent frameworks are being deployed too quickly in production environments? Comment your opinion below.
#CyberSecurity #AIAgents #DevSecOps #OpenSourceSecurity #AccessControl


15 security flaws found in OpenClaw, including a critical auth bypass (CVSS 9.4).

AI agents with file, API & command access expand enterprise attack surfaces.

All patched - but adoption is accelerating fast.

#CyberSecurity #AIAgents #OpenSourceSecurity


Researchers disclosed critical n8n vulnerabilities (CVE-2026-25049) enabling sandbox escape and server-level control by authenticated users.

Patches are available, and no confirmed exploitation has been reported.

#CyberSecurity #n8n #CVE #OpenSourceSecurity #TechNadu

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users A security audit found 341 malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS and Windows.

Researchers found 341 malicious ClawHub repos spreading malware — open-source trust is being actively abused at scale. Clone carefully. 🧩⚠️ #OpenSourceSecurity #SupplyChainRisk
