Presentations

Alphabetical Order ..

kcdc 2025 security devtools AI

The Enemy Within, How AI is Weaponizing Your Code

By Steve Poole, Developer Advocate & Software Supply Chain Security Expert Artificial intelligence is transforming the software landscape—not just as a tool for developers but as a powerful weapon for attackers. In this talk, Steve Poole explores how AI lowers barriers to entry, scales attacks, and introduces entirely new threat vectors across the software supply chain.

2025 security devops shai-hulud

The Shai-Hulud NPM Worm, When Supply Chains Bite Back

In September 2025 the ecosystem met something new: Shai-Hulud, a self-propagating npm worm. It started with a trusted package (@ctrl/tinycolor): attackers slipped in a malicious payload that ran at install time, grabbed secrets from developer machines and CI/CD runners, shipped them off to attacker servers, and then used those stolen credentials to poison dozens more packages. For the first time, supply chain malware didn’t just wait to be pulled: it spread by itself.

javazone 2025 security supply chain supply chain attacks Java AI

Securing the Modern Developer Environment

The presentation, “Securing the Modern Developer Environment” by Steve Poole, highlights the increasing threat of supply chain attacks, especially those enhanced by artificial intelligence (AI).