Consultancy

Expert consultancy for strategic solutions and sustainable growth

Threat Modelling

Isolate critical security threats

How we can help secure your AI/ML-enabled systems

Pentesting and Red Team

Kubernetes & Cloud system security testing and training

CRA & OSS Compliance

EU Cyber Resilience Act advisory and secure supply chain

Platform Engineering

Security, policy, and infrastructure as code

Software Supply Chain Security

Secure software delivery from dependencies to distribution

Cloud Native Security Assurance

Enterprise security assessment for infrastructure and applications

DevOps and Deployment

Security, policy, and infrastructure as code

Red and Purple Teams

Breach simulation, incident response, testing and training

Advisory Services

Advisory and regulatory compliance

Enterprise for Flux CD Enterprise for OpenBao

Training

Our training courses catalog

How we deliver optimal outcomes for your business

Resources

Our success stories

Security reviews and publications

Open source tools and utilities

Hacking Kubernetes

How to Hack Kubernetes

Talks and presentations

Conferences and Engagements

About

About ControlPlane

Learn more about our company

Our core values and ethos

Join our team

Get in touch with us

Open Source Security Risks: Countering the Threat

Published on February 19, 2026

Author Pam Oldfield

Tags

generative-ai cloud compliance governance security

It is estimated that 96% of software produced today relies on open source software (OSS).

In September 2025, the first ever registry-native worm malware, Shai-Hulud, made its appearance. Since then, reports have identified a significant spike in threats to open source and commercial software supply chains and AI-development pipelines.

SC Magazine brought together leading industry voices, including Andrew Martin, Founder and CEO of ControlPlane, to discuss how businesses can counter the threat. To see the full article, see here.

Related blogs

May 22, 2026 Blog

Tampered Tokenizers: An AI Supply Chain Meltdown

The tokenizer attack that existing scanners can’t catch, and the supply chain tooling that can.

security generative-ai supply-chain

May 5, 2026 Blog

The End of Safe Software? No, It's Not.

security open-source supply-chain generative-ai

April 28, 2026 Blog

How LLMs Are Ending The Attacker-Defender Stalemate (And What to Do About It)

security generative-ai red-team governance assurance blue-team