VentureBeat | Transformative tech coverage that matters

633 malicious npm packages passed Sigstore provenance checks with legitimate signing certificates — VentureBeat made with Imagen

Featured

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

633 malicious npm packages cleared every provenance check. Stolen accounts, valid certificates — and no single vendor covers all seven attack surfaces that failed.

Louis Columbus

May 22, 2026

MFA verifies who logged in. It has no idea what they do next.

MFA authenticates at the front door and never looks again. That's the gap attackers are exploiting — and most enterprises haven't closed it.

Louis Columbus

May 21, 2026

Partner Content

Americans can’t spot a deepfake, and that’s a business crisis, not just a consumer problem

Presented by Veriff

VB Staff

May 21, 2026

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. Seven developer-identity surfaces failed in one month; no vendor covers all seven.

Louis Columbus

May 20, 2026

Subscribe to get latest news!

Deep insights for enterprise AI, data, and security leaders

Four supply-chain incidents hit OpenAI, Anthropic, and Meta in 50 days. The model was not the target. The release surface was. — VentureBeat created with Imagen

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four incidents. Three frontier labs. One unaddressed gap: the release pipelines that sit outside every AI vendor questionnaire.

Louis Columbus

May 18, 2026

Agent authorization is broken — and authentication passing makes it worse

Verified agents are accessing data they were never scoped to touch. Cisco's Anthony Grieco maps four authorization gaps — and why identity frameworks alone won't stop them.

Louis Columbus

May 14, 2026

worm attack — VentureBeat created with Imagen

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

The Mini Shai-Hulud worm hit 172 npm and PyPI packages carrying valid SLSA provenance. Here's the six-gap CI/CD audit grid and the action plan to find it and lock it out.

Louis Columbus

May 12, 2026

Four research teams exposed the same Claude security flaw in 48 hours. Here’s the audit matrix for every blind spot your security stack misses. — Created by VentureBeat with Imagen

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four security teams exposed the same Claude architectural flaw in 48 hours. No single patch covers all three surfaces.

Louis Columbus

May 12, 2026

AI agents are updating hospital records and running factory inspections. Their identity layer was built for humans. — VentureBeat created with Imagen.

AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.

The 80-point gap between AI pilots and production isn't a model problem. Cisco's framework for why identity governance is the missing piece — and what to build first.

Louis Columbus

May 11, 2026

Supply chain attack — CleoP made with Midjourney

AI tool poisoning exposes a major flaw in enterprise agent security

AI agents choose tools from shared registries by matching natural-language descriptions. But no human is verifying whether those descriptions are true.

Nik Kale

May 10, 2026

5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis

our security stack was built for servers and cloud accounts — not the Lovable app your PM deployed on a public URL last weekend.

Louis Columbus

May 8, 2026

An AI agent rewrote a Fortune 50 security policy. Every identity check passed. The gap has a name now. — Source: VentureBeat

An AI agent rewrote a Fortune 50 security policy. Here's how to govern AI agents before one does the same.

Every identity check passed — and the security policy still got rewritten. Here's the 6-stage framework for governing AI agents in production.

Louis Columbus

May 8, 2026