Risky Bulletin (Risky Business)
Episode: Sponsored: The Smouldering Trashfire of AI and Open Source
Date: February 22, 2026
Host: Casey Ellis
Guest: Feross Aboukhadijeh (DJ, Founder of Socket)
Episode Overview
In this deep-dive discussion, host Casey Ellis interviews Feross Aboukhadijeh, a prolific open source maintainer and founder of Socket, on the evolving security risks in the open source software supply chain—particularly as AI and autonomous agents reshape how code is written and dependencies are managed. The episode explores the accelerating risks posed by AI-driven development, recent high-profile supply chain attacks, the growing complexity of software dependencies, and introduces Socket’s new product aimed at enforcing strong guardrails for both human and AI-generated software.
Key Discussion Points & Insights
1. The "Smouldering Trashfire" of Open Source & AI
- Casey frames the conversation as an exploration of "a latent trash fire that the Internet's kind of collectively waking up to" as AI pours fuel onto open source software risks. [(01:04)]
- Feross expands that the scale and automation of AI agents exacerbate pre-existing weaknesses in dependency management:
"Agents now write the majority of production code at the leading AI labs... we're seeing dependency counts at these customers really, really high...the core question is how do you enforce safety when neither humans nor agents can realistically reason about dependency risk at the time they're installing that code?" [(01:31)]
2. Rapid AI Adoption & Its Effects
- AI agent-written code has quickly become dominant at frontier AI labs ("90% plus" of new code) and is spreading fast into mainstream enterprises, with even conservative companies reporting 40–50% of code now written by AI. [(04:04)]
- The adoption is driven by competitive pressure and a “fear of missing out,” sometimes at the cost of security best practices.
"People want to adopt this stuff, there's clear demand, but then how do you do it safely?" (B: 04:35)
3. Chronic Dependency Management Issues
- Even before AI, organizations struggled with dependency risk, especially with increasing volume and granularity of open source packages.
"There's way more open source than before and those are in tinier and tinier components of functionality...that's just created this huge vector into the organization..." [(07:27)]
- Recent years have seen a spike in high-impact supply chain attacks, sometimes involving worms that rapidly compromise thousands of packages.
"We've seen literally thousands of packages get taken over within the period of hours and it's just—the scale is really unprecedented." [(07:27)]
4. The Failure of Current Security Approaches
- Traditional SCA tools, focused on CVEs and licenses, are inadequate for detecting malicious code or supply chain attacks.
- Real-world practice is fragmented, with no single control point ensuring the safety of dependencies adopted by humans or agents. [(05:38), (06:56)]
- Shift-left principles in security don’t go far enough; there’s a need to intervene even earlier—before code even enters the developer's environment.
"We just have to shift left even further than we thought before..." [(10:00)]
5. The Anatomy of a Modern Supply Chain Worm: Shai Hulud
- Feross recounts the Shai Hulud incident, the largest supply chain attack in open source to date:
- Thousands of NPM packages compromised within hours.
- Automated infection harvested AWS credentials, GitHub tokens, etc.
- Propagation led to exponential spread; a single developer’s compromise affected organizational supply chains.
- Even a Fortune 5 company’s only mitigation was to email developers "do not install anything today." [(15:40)]
- Illustrates severe lack of visibility and lack of preventive control across the industry.
6. The Solution: Socket Firewall
- Product Reveal: Socket Firewall adds automated, centralized enforcement at the earliest possible stage—blocking malicious, risky, or non-compliant packages before they reach developer machines or CI systems. [(19:13)]
- Deployment is possible at the CLI level or network level (e.g. DNS redirection).
- Integrates intelligence from large-scale, real-time analysis of all open source code, combining AI and human vetting.
"Socket has an index of every piece of open source code that's ever been written...we immediately start analyzing it, scanning it, we look for about 70 signals of supply chain risk..." [(21:16)]
- Real World Need: Pain is so acute that a top 4 US bank deployed the product organization-wide in two months, bypassing typical lengthy procurement. [(23:32)]
"The pain was so real...they were willing to do anything possible to accelerate this..." [(23:32)]
Notable Quotes and Memorable Moments
-
On the Scale of AI’s Impact:
"This is obviously...one of the biggest shifts we've seen in the way that software gets written ever." – Feross (B), [(01:31)] -
On Supply Chain Attack Vectors:
"Open source code is really just, it's like a big wiki and anyone can put anything up there." – Feross (B), [(11:53)] -
On Inadequacy of Legacy Practices:
"So really what I'm hearing you say there is that we've taken something that we're already not very good at and given it a bunch of caffeine and a puppy." – Casey (A), [(06:56)] -
On the Shai Hulud Worm Response:
"They just sent an email to their entire engineering team...do not install anything today. That was their mitigation to this." – Feross (B), [(15:40)] -
On Socket's Intelligence:
"Our threat intelligence is our product. Socket has an index of every piece of open source code that's ever been written." – Feross (B), [(21:16)] -
On Proof of Industry Pain:
"They skipped a POC like the pain was so real for them that they were willing to kind of do anything possible to accelerate this." – Feross (B), [(23:32)]
Important Timestamps
- 00:53 – Framing the "trash fire" that is open source + AI
- 01:31 – AI agents writing 90%+ of code & downstream effects
- 04:04 – Enterprise adoption rates for AI-generated code
- 06:56 – Current industry failures in dependency risk management
- 07:27 – New wave of high-impact supply chain compromises & worm attacks
- 10:00 – The need for even earlier "shift left" security
- 15:40 – Anatomy of the Shai Hulud worm attack & organizational response
- 19:13 – Introduction and explanation of Socket Firewall
- 21:16 – How Socket’s threat intelligence operates
- 23:32 – Case study: Rapid deployment of Socket Firewall at a major US bank
Summary
Casey Ellis and Feross Aboukhadijeh provide a frank, technical, and urgent look at the escalating chaos in the open source software ecosystem—amplified by generative AI and autonomous coding agents. They illustrate a scenario where both detection and prevention of supply chain attacks are failing at scale, culminating in stories like the Shai Hulud worm and unprecedented responses from industry giants. The core message is one of intensifying risk but also emerging innovation: with products like Socket Firewall, organizations can finally gain the leverage needed to block bad dependencies at the source, regardless of whether code is written by a human or an AI agent.
The tone is candid, lightly humorous, and practical—a call to arms for making “insecure obvious and secure easy” as AI irreversibly transforms the software development landscape.
