Kalle Sirkesalo
Kalle works as CTO of Managed Services, making sure Eficode delivers the best possible offering for our service customers. Having worked in the Eficode Managed Services team for many years his experience is wide and deep; he is familiar with maintenance, upgrades and migrations of services to cloud as well as the challenges related to adopting new ways of working.
AI-Powered Slopsquatting: Is Your Software Supply Chain Compromised?
Manual dependency checks are no longer sufficient. The software supply chain faces an evolved threat: Slopsquatting. In this talk I’ll expose the nature of AI-driven Slopsquatting, a technique exploiting subtle naming variations and developer habits to inject malicious code.
I will dissect why this threat vector is particularly insidious, how AI enhances its effectiveness, and the high probability that your current practices leave you vulnerable.
In this talk I’ll show concrete examples from the real world on how to counter this behaviour.
Learn how to integrate automated checks, enhance vetting processes, and adopt DevSecOps strategies crucial for safeguarding your applications and understanding the collective responsibility we share in securing the open-source landscape.
Define Slopsquatting and how AI transforms it into a scalable, sophisticated threat.
Analyze the specific vulnerabilities exploited by AI-driven Slopsquatting.
Evaluate the risks associated with inadequate dependency management in CI/CD pipelines.
Implement robust, automated strategies to counter Slopsquatting threats.
Understand the broader implications for software supply chain security.
Kalle works as CTO of Managed Services, making sure Eficode delivers the best possible offering for our service customers. Having worked in the Eficode Managed Services team for many years his experience is wide and deep; he is familiar with maintenance, upgrades and migrations of services to cloud as well as the challenges related to adopting new ways of working.
AI-Powered Slopsquatting: Is Your Software Supply Chain Compromised?
Manual dependency checks are no longer sufficient. The software supply chain faces an evolved threat: Slopsquatting. In this talk I’ll expose the nature of AI-driven Slopsquatting, a technique exploiting subtle naming variations and developer habits to inject malicious code.
I will dissect why this threat vector is particularly insidious, how AI enhances its effectiveness, and the high probability that your current practices leave you vulnerable.
In this talk I’ll show concrete examples from the real world on how to counter this behaviour.
Learn how to integrate automated checks, enhance vetting processes, and adopt DevSecOps strategies crucial for safeguarding your applications and understanding the collective responsibility we share in securing the open-source landscape.
Define Slopsquatting and how AI transforms it into a scalable, sophisticated threat.
Analyze the specific vulnerabilities exploited by AI-driven Slopsquatting.
Evaluate the risks associated with inadequate dependency management in CI/CD pipelines.
Implement robust, automated strategies to counter Slopsquatting threats.
Understand the broader implications for software supply chain security.