In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.
In this episode you’ll learn:
How attackers are targeting open source software ecosystems at scale
Why AI is accelerating both cyberattacks and threat detection
What was uncovered during their BlueHat presentation on modern software supply chain attacks
Some questions we ask:
What patterns did you uncover in NPM attack campaigns?
Should developers rely on dependencies or build everything themselves?
Why should organizations pay closer attention to open source security risks?
Resources:
View Allie Luhrs on LinkedIn
View Mario Samolis on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
