
Meet the Socket Team at RSAC and BSidesSF 2026

This article is a promotional announcement for the Socket team's attendance at the RSAC and BSidesSF 2026 conferences. It briefly highlights the growing industry trend of threat actors weaponizing AI coding assistants to execute supply chain attacks by slipping malicious dependencies into developer workflows.

Conf: low | Analyzed: 2026-03-05

Authors: Socket Team

Source: Socket

Key Takeaways

  • The Socket team is attending RSAC and BSidesSF 2026 in San Francisco.
  • Threat actors are increasingly weaponizing AI coding assistants to introduce malicious dependencies into developer workflows.
  • Supply chain attacks are growing in volume and complexity, targeting open source ecosystems.
  • Socket is hosting a rooftop happy hour on March 22 with RunReveal, Cside, Keycard, and Tracebit.

Affected Systems

  • Developer workflows
  • Open source ecosystems
  • AI coding tools

Attack Chain

N/A - This article is a promotional event announcement and does not detail a specific attack chain or technical intrusion.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No detection rules or logic are provided in this promotional article.

Detection Engineering Assessment

  • EDR Visibility: None - The article contains no technical details, malware samples, or execution behaviors to detect via EDR.
  • Network Visibility: None - No network indicators, C2 infrastructure, or exfiltration methods are discussed.
  • Detection Difficulty: Hard - Detecting malicious dependencies introduced via AI coding assistants requires advanced static/dynamic code analysis and behavioral monitoring of developer environments.

Required Log Sources

  • Source Code Management (SCM) Audit Logs
  • CI/CD Pipeline Logs

Hunting Hypotheses

  • Hypothesis: Adversaries or compromised developers may leverage AI coding assistants to introduce malicious or vulnerable dependencies into corporate codebases.
  • Telemetry: Source code management (SCM) commit logs, CI/CD pipeline dependency scans, and developer endpoint process monitoring.
  • ATT&CK Stage: Initial Access
  • FP Risk: High

Control Gaps

  • Lack of visibility into AI-generated code snippets before they are committed to repositories.

Recommendations

Immediate Mitigation

  • N/A

Infrastructure Hardening

  • Implement automated dependency scanning and software composition analysis (SCA) in CI/CD pipelines.

User Protection

  • Establish strict policies and review processes for code generated by AI assistants.

Security Awareness

  • Train developers on the risks of AI-assisted coding tools and the potential for AI-hallucinated or maliciously injected vulnerable dependencies.

MITRE ATT&CK Mapping

  • T1195 - Supply Chain Compromise