cd /news/ai-agents/risky-biz-podcast-ai-agents-are-rais… · home topics ai-agents article
[ARTICLE · art-45720] src=socket.dev ↗ pub= topic=ai-agents verified=true sentiment=↓ negative

Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security

Socket CEO Feross Aboukhadijeh told the Risky Business podcast that AI coding agents are accelerating software supply chain risks by pulling in dependencies at machine speed and making unreviewed trust decisions, as attackers increasingly compromise open source packages, abuse developer workflows, and evade traditional security tools.

read1 min views1 publishedJun 30, 2026
Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security
Image: Socket (auto-discovered)

The last six months have been one of the most intense stretches of software supply chain attacks the open source ecosystem has seen.

Attackers are compromising widely used packages, abusing trusted developer workflows, stealing credentials, and using package registries, IDE extensions, and source repositories to distribute malicious code. At the same time, AI coding agents are changing how software gets built, pulling in dependencies at machine speed and making unreviewed trust decisions without much context.

That combination raises the stakes for teams that rely on open source software.

In a new Risky Business sponsor interview, Socket founder and CEO Feross Aboukhadijeh joins Patrick Gray to discuss the surge in supply chain attacks, how AI agents are changing dependency risk, and why malicious packages often evade traditional security tools.

The conversation also covers Socket Firewall, which blocks malicious packages and code extensions before they reach developers' machines. Feross explains how teams can use it as a package manager wrapper, in CI, or as a network proxy/upstream for internal package registries.

AI is making the supply chain problem louder, faster, and harder to manually track. It can also give defenders the scale to review open source code in ways that were previously out of reach.

Watch the full interview below.

── more in #ai-agents 4 stories · sorted by recency
── more on @socket 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/risky-biz-podcast-ai…] indexed:0 read:1min 2026-06-30 ·