Portkey's resource offers insights, tutorials, and resources for web developers and designers. Readers can learn about frontend development, user experience design, and web development tools. With articles, tutorials, and design showcases, Portkey provides  guidance and expertise for creating modern and responsive web applications.

portkey

A coordinated supply chain attack on an open-source LLM gateway exposed millions of users to silent credential harvesting. The attack exploited common AI ecosystem habits: raw provider keys on developer machines, unpinned dependencies, and overly broad CI/CD secret scopes. The post analyzes why LLM gateways are high-value targets, explains three levels of dependency pinning (version pinning, lockfiles with hash verification, and transitive auditing), details how .pth files were weaponized for persistent code execution, and outlines concrete mitigations including scoped virtual keys, atomic credential rotation, step-scoped CI/CD secrets, and pinning GitHub Actions to commit SHAs.

Moving Fast Has a Security Bill and It Just Came Due