4 posts
A malicious Bitwarden CLI package ran during npm install, before anyone had a chance to inspect it. That is exactly the kind of supply chain story the agentic era keeps repeating.
An attacker put untrusted text into a GitHub issue. An AI workflow turned it into shell commands inside CI. The Cline supply chain incident shows why runtime enforcement matters more than prompt defense.
The LiteLLM compromise shows why upstream supply chain defenses are not enough. Once a bad package lands, what matters is whether it can actually do anything dangerous.
GlassWorm started as a VS Code supply chain attack. Now it's targeting MCP packages directly. Here's exactly what it does, and why runtime enforcement is the layer that still works after a malicious package is already installed and running.