Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

The open-source project maps directly to OWASP’s top 10 agentic AI threats, aiming to curb issues like prompt injection, ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...