Security & supply chain
Vendor-neutral coverage of security & supply chain.
Articles
12 articles

Google, Microsoft and OpenAI route their AI 'trust layer' work through the Linux Foundation
Three of the largest AI vendors are aligning on a Linux Foundation–housed effort to build a shared trust layer for AI systems. For platform teams the read is operational: artefact provenance for models and agents is about to ride the same plumbing that already carries binary attestation.
Jun 18, 2026 · Maya Okonkwo · Security & supply chain

Hardened-registry hygiene comes for AI agent skills
Chainguard has expanded its Agent Skills offering with a public catalog of more than a thousand hardened skills, a private registry option, and a service that hardens an organization's own internal skills — pulling agent provisioning into the same signing-and-pinning discipline CI/CD teams already apply to container images.
Jun 17, 2026 · Tomás Vega · Security & supply chain

GitHub gives enterprises a kill switch for Copilot's yolo mode
Enterprise-managed settings can now block GitHub Copilot CLI and VS Code from running in bypass-permission mode — the first governance control to land in that configuration plane.
Jun 17, 2026 · Tomás Vega · Security & supply chain

HCP Packer's enforced provisioners turn golden-image policy into a contract teams can't quietly skip
HashiCorp has added enforced provisioners to HCP Packer, letting platform and security teams centrally pin mandatory build steps onto every downstream image rather than trusting that the wiki page got read. The mechanism is the easy part; deciding whether your org actually wants policy this loud is the harder one.
Jun 17, 2026 · Tomás Vega · Security & supply chain

Vault learns to speak SPIFFE, and your pipeline's static token is on notice
HashiCorp wired SPIFFE into Vault as both an auth method and a secrets engine, positioning Vault as a workload-identity broker that sits next to SPIRE rather than replacing it. For CI/CD that means one more reason the long-lived bearer token in your job secrets is harder to defend by the day.
Jun 17, 2026 · Tomás Vega · Security & supply chain

Tenet's 'Agentjacking' research turns Sentry error data into a prompt-injection vector for AI coding agents
Security firm Tenet has demonstrated an indirect prompt-injection technique it calls Agentjacking — malicious instructions hidden inside Sentry error data that get executed by an AI coding agent with shell access. The operational read is that any third-party telemetry an agent ingests is now untrusted input.
Jun 16, 2026 · Maya Okonkwo · Security & supply chain

Pinning every CI action to a commit SHA is becoming the new minimum
A new write-up from the Cilium maintainers lays out a concrete playbook for locking down CI/CD dependencies — full-SHA pinning for every action, digest-pinned containers, vendored Go modules, and Renovate with a release-age cooldown. The pattern matters even if you do not ship eBPF for a living.
Jun 16, 2026 · Tomás Vega · Security & supply chain

Docker Content Trust gets a sunset date. The harder question is what you sign with next.
Docker has published a formal retirement plan for Docker Content Trust and the Notary v1 service at notary.docker.io, ten years after DCT shipped. The migration is mostly mechanical — the strategic question, about whether anyone downstream was actually verifying anything, is the part the guide cannot answer for you.
Jun 16, 2026 · Tomás Vega · Security & supply chain

Docker Engine 29.4.3 moves the 'Copy Fail' mitigation off seccomp after the first fix broke 32-bit containers
Docker's default profile now uses AppArmor and SELinux to block the AF_ALG socket path that CVE-2026-31431 exploits, after a seccomp-only fix in 29.4.2 broke i386 binaries, Go 386 builds and Wine. The kernel patch is still the real fix; on Ubuntu it has not landed yet.
Jun 16, 2026 · Maya Okonkwo · Security & supply chain

The 'OSS ingredients are basically safe' assumption just got a 52,000-package counter-example
Chainguard says it scanned 52,000 open-source packages used by AI-generated and 'vibe-coded' applications and concluded the long-running default — that the ingredients are safe to assume trustworthy — no longer holds. For CI/CD owners, that pushes dependency scrutiny upstream of the build.
Jun 16, 2026 · Tomás Vega · Security & supply chain

GitHub Agentic Workflows drop personal access tokens for the built-in Actions token
Agentic workflows on GitHub can now authenticate with the ephemeral GITHUB_TOKEN instead of a long-lived personal access token. It is a quiet credential-hygiene win that closes one of the messier blast radii in agent-driven CI.
Jun 15, 2026 · Tomás Vega · Security & supply chain

SBOM attestation is becoming a default pipeline step
Generating and signing a software bill of materials at build time is shifting from compliance nice-to-have to standard CD hygiene. Here's the minimal viable setup.
Jun 12, 2026 · Tomás Vega