2025 marked a turning point for software supply chain security, not because of a single headline breach, but because of a clear and sustained pattern. Worm-style malware attacks like Shai-Hulud drove a dramatic spike in compromised legitimate packages, while mass compromise of shared CI components and AI-enabled attacker tooling made supply chain attacks a routine risk of modern software development. Attackers use AI to scale reconnaissance, generate convincing social engineering, and identify weaknesses in legitimate packages. Defenders must match this speed, detecting malware campaigns before they land on developer machines or in CI.

This panel explores how to match that speed: what software supply chain attacks look like today and why developers have become primary targets. Panelists discuss AI-assisted attacker tactics and what this means for protecting engineering teams. The session concludes with practical actions for security and engineering leaders: common misconceptions, concrete defensive steps, and how to balance delivery speed with systemic risk.