Two major software supply chain attacks hit LiteLLM (PyPI) and Axios (npm) within a week of each other, collectively affecting hundreds of millions of weekly downloads. The attacks exploited CI pipeline credentials and compromised maintainer accounts with sophisticated, pre-staged backdoors. Meanwhile, the median time from vulnerability disclosure to active exploitation has collapsed to near-zero, with ~70% of flaws weaponized before public disclosure. A leaked Anthropic internal document reveals a forthcoming model called 'Claude Mythos' with advanced cybersecurity capabilities, raising concerns about adversarial symmetry: the same AI that helps defenders find vulnerabilities can be used by attackers. JFrog argues that policy enforcement at the point of ingestion — governing packages, dependencies, agent skills, and MCP servers before they enter the pipeline — is the durable answer to this accelerating threat landscape.

6m read time. From jfrog.com