Developers Are Now the Attack Surface

Developers, CI/CD pipelines, package managers, and AI-generated code are now part of the attack surface. We need to make development itself safer.

domenica 7 giugno 2026 New tab

2,487 words~11 min read

Recent supply chain attacks make me feel that the phase has clearly changed.

This article is not a complete solution. It is a summary of what I have been thinking about development environments and CI/CD after seeing recent supply chain attacks.

In the past, many attacks targeted people with low computer literacy. For example, attackers asked users to open suspicious emails, run suspicious attachments, or enter credentials into fake websites.

Of course, these attacks are still serious. But in many cases, there was at least some room for individual caution.

Recent attacks are different.

Developers Are Now the Attack Surface

Developers Are Now the Attack Surface

Other newsrooms on this story

Related reading

Developer Workstations Are Now Part of the Software Supply Chain

Why investors are paying attention to attack surface management startups — TFN

The real attack surface for AI coding agents is the config file

OpenAI caught in TanStack npm supply chain chaos after employee devices…

Hackers have compromised dozens of popular open source packages in an ongoing…

AI Supply Chain Attack, Agent Security Risks, & Identity Hardening

Other newsrooms on this story

Related reading

Developer Workstations Are Now Part of the Software Supply Chain

Why investors are paying attention to attack surface management startups — TFN

The real attack surface for AI coding agents is the config file

OpenAI caught in TanStack npm supply chain chaos after employee devices…

Hackers have compromised dozens of popular open source packages in an ongoing…

AI Supply Chain Attack, Agent Security Risks, & Identity Hardening