Risky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain Security Socket CEO Feross Aboukhadijeh told the Risky Business podcast that AI coding agents are accelerating software supply chain risks by pulling in dependencies at machine speed and making unreviewed trust decisions, as attackers increasingly compromise open source packages, abuse developer workflows, and evade traditional security tools. The last six months have been one of the most intense stretches of software supply chain attacks the open source ecosystem has seen. Attackers are compromising widely used packages, abusing trusted developer workflows, stealing credentials, and using package registries, IDE extensions, and source repositories to distribute malicious code. At the same time, AI coding agents are changing how software gets built, pulling in dependencies at machine speed and making unreviewed trust decisions without much context. That combination raises the stakes for teams that rely on open source software. In a new Risky Business sponsor interview https://risky.biz/RB843/ , Socket founder and CEO Feross Aboukhadijeh joins Patrick Gray to discuss the surge in supply chain attacks, how AI agents are changing dependency risk, and why malicious packages often evade traditional security tools. The conversation also covers Socket Firewall https://socket.dev/features/firewall , which blocks malicious packages and code extensions before they reach developers' machines. Feross explains how teams can use it as a package manager wrapper, in CI, or as a network proxy/upstream for internal package registries. AI is making the supply chain problem louder, faster, and harder to manually track. It can also give defenders the scale to review open source code in ways that were previously out of reach. Watch the full interview below.