Biju K

Modern enterprises no longer get breached through their own front door. They get breached through a CI/CD pipeline they did not audit, an npm package three dependencies deep, a managed service provider with privileged access, or a hardware vendor halfway across the world. The supply chain has quietly become the softest underbelly of enterprise security, and the recent wave of compromises from open-source package poisoning to nation-state operations against trusted vendors has made it impossible to ignore.

This panel brings together defenders, threat researchers, and security leaders to unpack what the latest supply chain breaches actually tell us about the state of enterprise security. We will dig into where the real blind spots are, why traditional vendor risk assessments keep missing them, and what a credible defense looks like when your attack surface includes every third party you have ever signed a contract with. Expect frank discussion on SBOMs, code provenance, vendor accountability, and the harder organizational question who actually owns supply chain risk when something goes wrong?