Microsoft Threat Intelligence Podcast

Supply Chain Attacks: Open Source or Open Door?

39 min, 3 June 2026

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.


In this episode you’ll learn:      

  • How attackers are targeting open source software ecosystems at scale 

  • Why AI is accelerating both cyberattacks and threat detection 

  • What was uncovered during their BlueHat presentation on modern software supply chain attacks 

Some questions we ask:     

  • What patterns did you uncover in NPM attack campaigns? 

  • Should developers rely on dependencies or build everything themselves? 

  • Why should organizations pay closer attention to open source security risks? 

Resources:  

View Allie Luhrs on LinkedIn  

View Mario Samolis on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 


Microsoft Threat Intelligence Podcast by Microsoft is available on several platforms. The information on this page comes from public podcast feeds.