Security threats targeting the software supply chain appear to be growing as AI spreads.
In March, a supply chain attack was confirmed after attackers tampered with the Axios npm (Node Package Manager) package; the tampered package was distributed millions of times before it was caught. More recently, another supply chain attack came to light when trojanised installers were distributed through the official website of the virtual drive utility Daemon Tools. Software packages widely used by developers, including SAP, Intercom and the PyPI Lightning package, were also compromised in quick succession.
• Malicious installer distributed on Daemon Tools official website... not detected for a month • Supply chain attacks spread... SAP, Intercom and PyPI Lightning package also hit
Concerns are also being raised that automation features provided by AI coding tools could further increase supply chain security threats. AdversaAI pointed out that attackers could exploit the automation features of AI coding tool Claude Code to carry out supply chain attacks.
• "AI coding tools could accelerate supply chain security threats"
As interest in AI agents grows, companies working on agent security are accelerating, and M&A activity is rising with it. Cisco has formalised its intention to acquire the non-human identity (NHI) security startup Astrix Security. Palo Alto Networks will acquire the AI gateway startup Portkey, which provides a central control platform for managing and protecting autonomous AI agents; it currently processes trillions of tokens a month and supports low-latency agent-to-agent communication.
• Cisco formalises intention to acquire AI agent security startup Astrix • Palo Alto Networks to acquire Portkey... strengthens AI agent security platform
The roundup also covers AI-related moves by companies in Korea and abroad.
OpenAI will initially release its cybersecurity-focused model, GPT-5.5 Cyber, to selected users, rolling it out in phases to "key cybersecurity leaders". GPT-5.5 Cyber can carry out tasks such as penetration testing, vulnerability discovery and exploitation, and malware reverse engineering. It was designed as a toolkit for companies to find security vulnerabilities and verify their defences, although there are also concerns it could be misused for malicious purposes. A research body under the British government has separately assessed that OpenAI's GPT-5.5 demonstrated advanced cyberattack capabilities in a controlled research environment.
• OpenAI to restrict GPT-5.5 Cyber rollout... first released to verified security experts • UK AI Safety Institute warns GPT-5.5 cyber threat on par with Mythos
Anthropic CEO Dario Amodei warned there is not much time left to fix tens of thousands of software vulnerabilities discovered by the company's AI model Mythos. He said Chinese AI models lag Anthropic products by 6 to 12 months and that window is the time available to patch the vulnerabilities. Jamie Dimon, CEO of JPMorgan Chase, warned that Mythos can find software vulnerabilities much faster than existing security auditing tools.
• Anthropic CEO: "Mythos found tens of thousands of vulnerabilities..." not much time to respond • JPMorgan CEO: "Claude Mythos poses high risk... finance sector must prepare"
As concerns grow over security threats using AI, the White House is also considering a plan to conduct a pre-release review before making some high-performance AI models available to the public.
• White House pushes pre-release review before AI model disclosure... reflecting cybersecurity concerns
Cisco released an open-source tool, the Model Provenance Kit, to help companies address security and compliance issues related to using external AI models.
• Cisco releases open-source tool to verify provenance of third-party AI models
KT will overhaul its companywide information security framework around a newly formed Information Security Office, which consolidates previously dispersed security functions; the company has redesigned its overall security structure, scope and operating level around the new office.
• KT launches "integrated security governance"... stakes all on high-intensity overhaul
AI governance specialist Iroun & Company said its integrated AI governance solution, SAIFE X v1.0, has been formally listed on the Public Procurement Service's Nara Marketplace digital services mall. Naver Cloud introduced a new security feature based on ACME (Automatic Certificate Management Environment, RFC 8555) that automatically issues and renews certificates. SGA Group, marking its 23rd anniversary, presented Security for AI as its official vision and will strengthen the integrated security framework required in the AI era.
• Iroun & Company registers AI governance solution SAIFE X on PPS digital services mall • Naver Cloud launches ACME, an automatic certificate management feature • SGA Group marks 23rd anniversary... "strengthen integrated security targeting AI"
Michael Sellitto, Anthropic's head of global policy, is expected to visit South Korea next week to meet the National Artificial Intelligence Strategy Committee and discuss ways to cooperate on AI security.
• Anthropic policy chief to visit South Korea next week... to discuss Mythos with AI strategy committee