In this discussion, Hayden Smith, CEO of Hunted Labs and supply chain security expert, reveals the hidden dangers lurking in software supply chains. He explains how open source dependencies can lead to unseen vulnerabilities and how attackers exploit established trust. Listeners learn about real-world attacks, the significance of threat intelligence, and the growing role of AI in identifying risks. Hayden emphasizes essential practices like dependency pinning and continuous monitoring as crucial steps in safeguarding against these sophisticated threats.
27:12
INSIGHT
Open Source Powers Everything—and Risks
Open source makes up the majority of enterprise applications and underpins modern software and AI infrastructure.
That ubiquity creates systemic exposure, because the security standards maintainers work to differ from what enterprises expect.
ANECDOTE
Contributing Malicious Code As Initial Access
Attackers often gain access by contributing malicious code or publishing counterfeit packages to registries.
The Indonesian 'fake package' campaign created thousands of malicious npm packages to pollute the ecosystem and scale impact.
ADVICE
Inspect Code And Contributor Identity
Inspect both the code and the contributor before adopting open source packages.
Check the account's age and contribution history, and whether the user is a legitimate maintainer or a newly created or AI-generated account.
While our team is out on winter break, please enjoy this episode of Data Security Decoded from our partners at Rubrik.
In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk.
What You’ll Learn
How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions.
Why dependency chains dramatically amplify both exposure and attacker leverage.
How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption.
Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns.
Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture.