OSS Security

OpenSSF Newsletter – April 2026

TL;DR: 🚀 OpenSSF Community Day NA → Agenda live, read the session highlights. ⚖️ TPN & SBOM Evolution → New frameworks aim to turn "dead" PDF notices and static SBOMs into active security intelligence. 🤖 Agentic AI Security → OpenSSF welcomes OSS-CRS and examines using SAFE-MCP to secure non-deterministic AI agents. 📦 Project Milestones →…

Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation

Agentic AI systems and AI-driven software workflows are evolving quickly, with more people building on top of them. With that shift come new questions around trust, control, provenance, and secure interaction between models, tools, and users. Traditional cybersecurity models are being pushed to their limits, and the security stakes have never been higher.

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events; they are harbingers of a new generation of CI/CD-targeted supply chain attacks.