GitHub
May 21, 2026
Ekoparty · Miami · May 21, 2026

Code security
in the AI era.

Rodolfo Sarmiento
Senior Customer Success Architect · GitHub
A question for the room

How many of you used AI
to write code this week?

Keep your hand up if you reviewed it as carefully as code you wrote yourself.

Who I am
Rodolfo
Senior Customer Success Architect at GitHub. I sit with engineering teams every day — what they're shipping, how fast, what they skip.
What I see inside teams. What the GitHub Advisory Database sees across the ecosystem. Both shape what we'll cover today — with research from Serena Conticello, who couldn't make it in person.
A new category of developer

"vibe coder"

Building things they genuinely couldn't build before. A junior dev moving faster than their experience. A PM or founder describing what they want and getting working code back.
Passes lint
The code looks clean.
Passes tests
It works on the happy path.
Follows patterns
…from millions of repos. Including the vulnerable ones.
GitHub Advisory Database · CVE submissions
4× year over year

Not because researchers got better at finding bugs. The attack surface is expanding faster than the defenses.

Advisory DB Data

Vulnerability Trends

[Figure: CVE trend chart]
[Figure: Malware trend chart]
Threat landscape · 01
Early 2025 · Warning shot

tj-actions/changed-files

A single GitHub Action that thousands of CI pipelines already trusted. The attacker didn't need your repo — just the tag you were already pulling at runtime.

23k+
Repositories compromised through one mutable tag reference.
Threat landscape · 03
March 2026 · five attacks in twelve days

Trust was the delivery mechanism.

April 2026
Trivy
A vulnerability scanner. Your tool became the vector.
100k users
TeamPCP
April 2026
Axios
Maintainer's npm account. Hours live was enough.
100M/wk downloads
UNC1069
May 2026 · Last week
TanStack
"Mini Shai-Hulud" — self-propagating, with a kill switch.
84/6min malicious versions
TeamPCP
Quote
"Your security tool became the attack vector."
Axios
April 2026 · UNC1069

Axios

A JavaScript HTTP library running in 80% of cloud and code environments.

North Korean threat actor compromised a maintainer's npm account. Malicious versions lived for hours — long enough at 100M weekly downloads. Payload: a backdoor called Waveshaper.v2 across Windows, Linux, and Mac.

100M downloads / week
Windows · Linux · macOS backdoor
payload: Waveshaper.v2
Mini Shai-Hulud · TanStack
Last week · TeamPCP

Mini Shai-Hulud · TanStack, UiPath, MistralAI

19:20 → 19:26 UTC · Monday
84 malicious versions across 42 TanStack packages = 14 versions / minute
React Router · 12M weekly downloads
query-core · 220M monthly downloads
The payload
How the TanStack payload behaves
01
Steals your credentials.
02
Self-propagates to other packages you maintain.
03
If you rotate the stolen tokens — it runs rm -rf ~/
Dead-man's switch. Wipes your home directory.

Rotating your credentials triggers the bomb.

The threat model
The whole threat model, in one sentence

You're not just
responsible for the code
you write.

You're responsible for the code
you trust.

What you can do
So what do you actually do?

Move security
to the moment of writing.

Not the moment of review. Not the moment of CI. The moment the code is typed.

Today · GitHub Actions
Do this today · 2026 roadmap will automate it

Pin actions to a commit SHA.

Mutable tags are the root cause of tj-actions. The roadmap locks every action — direct & transitive — like a go.sum for CI, plus runner-level egress firewall and org-wide execution policies.

Don't
- uses: actions/checkout@v4
Do
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
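A quick way to audit a workflow for the mutable references this slide warns about, as an added example that is not from the talk or from GitHub's own tooling: it parses every `uses:` line and flags tag, branch and untagged-image references that are not pinned to a 40-hex commit SHA or an image digest. The sample workflow is constructed; the checkout SHA is the one shown above.

```python
import re

# Constructed sample workflow (not from the talk). It mixes a SHA-pinned action,
# two mutable refs (tag and branch), a local action, a docker image by tag, and a
# reusable workflow pulled by tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - uses: actions/setup-node@v4
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
  reuse:
    uses: some-org/shared/.github/workflows/lint.yml@v1
"""

# `uses:` may appear as a step (with a leading dash) or as a job-level reusable workflow.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*([^\s#]+)')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def classify(ref: str) -> str:
    """Classify one `uses:` reference as 'pinned', 'mutable' or 'local'."""
    if ref.startswith('./'):
        return 'local'      # same repo, already fixed by the commit being built
    if ref.startswith('docker://'):
        return 'pinned' if '@sha256:' in ref else 'mutable'   # digest vs image tag
    if '@' not in ref:
        return 'mutable'    # no ref at all resolves to the default branch
    version = ref.rsplit('@', 1)[1]
    return 'pinned' if SHA_RE.match(version) else 'mutable'   # tag or branch can move

def find_unpinned(workflow_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, reference, kind) for every reference that is not pinned."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == 'mutable':
            findings.append((lineno, m.group(1), 'mutable'))
    return findings

if __name__ == '__main__':
    for lineno, ref, kind in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} ({kind})")
```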
Available today
Today · In your repo

Three to enable now.

Free for open source. On GHAS for private repos.

Dependabot

Free · on by default
Watches your dependencies. Opens PRs when known vulnerabilities land.
Still off in too many repos.

CodeQL

Static analysis · per-PR
SQL injection. Path traversal. XSS. Finds the pattern even when the code looks clean.
Pattern-aware, not surface-clean.

Secret scanning

Push protection · default-on
Figma, GCP, Langchain, OpenVSX, PostHog now default-on. Cloudflare just joined as a partner.
A safety net for fast-moving teams.
GitHub MCP Server · new
Scanning · in your agent

Catch it before the commit.

Secret scanning is GA via the GitHub MCP Server. Dependency scanning is in public preview. Your agent scans while you type — not in CI, after the fact.

VS Code
Copilot CLI
Cursor
Copilot CLI · GA
$ copilot --add-github-mcp-tool run_secret_scanning
Copilot CLI · preview
$ copilot --add-github-mcp-toolset dependabot
VS Code Copilot Chat
// in chat
/secret-scanning scan my current changes for exposed secrets
Remediation & prioritization
Once you find them, fix the urgent ones first

Fix in the PR. Triage by reality.

Copilot Autofix

CodeQL flags a vulnerability. Autofix shows you the fix inline. PR suggestion you accept, edit, or reject.

12× faster remediation for SQL injection

Defender for Cloud
code-to-cloud · GA

Filter CodeQL alerts by what's actually running and reachable.

deployed · internet-exposed → FIRE
deployed · sensitive-data access → URGENT
not deployed → BACKLOG
The honest picture
Where we are, today

The data isn't encouraging in the abstract. The tooling is real.

Not encouraging
  • CVEs are up.
  • Supply chain attacks are up.
  • TeamPCP campaigns are still active. The TanStack blast radius is still expanding.
Real shifts
  • +Scanning in the agent, before the commit.
  • +Fix-suggestion inside the PR, not a JIRA ticket.
  • +Runtime context: what's actually deployed.
The progress is real, but so is the strain.

Are we ahead or behind?


  • More vulnerabilities are being surfaced than ever before.
  • Better tooling is improving early detection and response.
  • Volume, triage pressure, and low-quality reports still create drag.
  • Strong security practice must be practical, clear, and accessible.
Before you leave this room
Three things to do

Before you leave this room.

01
Pin GitHub Actions to commit SHAs, not tags.
~10 min
02
Enable MCP secret + dependency scanning in your IDE.
Catches issues before commit, not after.
~5 min
03
Turn on Copilot Autofix + Defender runtime filters.
If you're on GHAS. Focus on what's actually deployed.
GHAS
Ekoparty · Miami · May 21, 2026

thank you.

If you maintain open source
Enable push protection. Your package is infrastructure — treat it that way.
Rodolfo Sarmiento
Senior Customer Success Architect · GitHub
Research and co-authorship: Serena Conticello, GitHub Advisory Database.
I'm around after. Come find me.